Windows Analysis Report
9c23f857-b0b9-47d6-b664-47a3132066f4.exe

Overview

General Information

Sample name:9c23f857-b0b9-47d6-b664-47a3132066f4.exe
renamed because original name is a hash value
Original sample name:9c23f857-b0b9-47d6-b664-47a3132066f4
Analysis ID:1403894
MD5:8b92571e4f2e6ef1aafd903796a9c152
SHA1:f18491b49826dfbfc7760f08fd6d2339d15e0658
SHA256:0172a96a870e24b01533c188b0abc4063ecbcce6c080b88684d8129b67ff31c1

Detection

Score:40
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:47
Range:0 - 100

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to infect the boot sector
Found API chain indicative of debugger detection
Found stalling execution ending in API Sleep call
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
Tries to harvest and steal browser information (history, passwords, etc)
Abnormal high CPU Usage
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (might use process or thread times for sandbox detection)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • 9c23f857-b0b9-47d6-b664-47a3132066f4.exe (PID: 7024 cmdline: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe MD5: 8B92571E4F2E6EF1AAFD903796A9C152)
    • chrome.exe (PID: 7136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 1832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1848,i,2207139316729588946,8923005645512885988,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • SetupEngine.exe (PID: 7880 cmdline: "C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348 MD5: 599BAD8E7D2363415B86A08F4ACD243A)
      • cmd.exe (PID: 8056 cmdline: cmd /c "C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\user\AppData\Local\FAST!\Temp\dskres.xml MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • diskspd.exe (PID: 4180 cmdline: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp MD5: FC41CABDD3C18079985AC5F648F58A90)
      • chrome.exe (PID: 7488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 7804 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 --field-trial-handle=2000,i,3858328965028231226,10247695033159646713,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • fast!.exe (PID: 7812 cmdline: C:\Program Files (x86)\Fast!\Fast!.exe MD5: A2EF6C8CCFBEEE722F02C9744272449A)
  • svchost.exe (PID: 6472 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • FastSRV.exe (PID: 7440 cmdline: C:\Program Files (x86)\Fast!\FastSRV.exe MD5: 99A0AFAF20877C3807D5EF292FACDDC7)
    • fast!.exe (PID: 7020 cmdline: C:\Program Files (x86)\fast!\fast!.exe MD5: A2EF6C8CCFBEEE722F02C9744272449A)
      • nw.exe (PID: 1904 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\. MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 2356 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x238,0x23c,0x240,0x210,0x244,0x7ffe0054a970,0x7ffe0054a980,0x7ffe0054a990 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 5080 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1732 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:2 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 3220 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2216 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 2932 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=2428 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 7164 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files (x86)\Fast!\nwjs\gen" --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1709714839247985 --launch-time-ticks=3885297285 --mojo-platform-channel-handle=3152 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:1 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • nw.exe (PID: 6916 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3984 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 1220 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3864 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 7116 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3768 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6472, ProcessName: svchost.exe
No Snort rule has matched

AV Detection

Source: C:\Program Files (x86)\Fast!\fast!.exe, ReversingLabs: Detection: 25%
Source: C:\Program Files (x86)\Fast!\fast!.exe, Virustotal: Detection: 29%
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, Virustotal: Detection: 8%
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Virustotal: Detection: 16%
Source: https://veryfast.io/installing2.html?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348, HTTP Parser: No favicon
Source: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348, HTTP Parser: No favicon

Compliance

Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Static PE information: certificate valid
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: UxTheme.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\nw_elf.dll.pdb[jV source: nw.exe, 00000013.00000003.2420497627.0000020D0D672000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2424946884.0000020D0D68D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2420140044.0000020D0D664000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2422579957.0000020D0D675000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winsta.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: w.dll.pdbV source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bcrypt.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\nw.dll.pdb source: nw.exe, 00000013.00000003.2420497627.0000020D0D672000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2424946884.0000020D0D68D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2420140044.0000020D0D664000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2422579957.0000020D0D675000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcrt.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WindowManagementAPI.pdbWindows.UI.pdbi source: nw.exe, 00000013.00000003.2432160354.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: advapi32.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscms.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntmarta.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: CLBCatQ.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ,ColorAdapterClient.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: &Windows.Storage.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: shlwapi.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: dpapi.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: imm32.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: kernel32.pdb source: nw.exe, 00000013.00000003.2427003235.0000020D0B8B9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2426209108.0000020D0B8B9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431582153.0000020D0B8B9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431829275.0000020D0B8BB000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_sdk_win64\node-webkit\src\outst\nw\initialexe\nw.exe.pdb source: nw.exe, 00000012.00000000.2392020416.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000013.00000000.2400076207.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000013.00000003.2432456284.0000020D0B87A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427721589.0000020D0B87A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000014.00000000.2405652249.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000015.00000000.2409912163.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000016.00000000.2438736245.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000017.00000000.2450573092.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001C.00000000.2553810302.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001C.00000002.2564746716.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: wkscli.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Windows.Media.pdb source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws2_32.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: InputHost.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winspool.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: iphlpapi.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wpnapps.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: nsi.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winmm.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: "CoreMessaging.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: gpapi.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: powrprof.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ole32.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wtsapi32.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: oleaut32.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2420497627.0000020D0D672000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2424946884.0000020D0D68D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2420140044.0000020D0D664000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2422579957.0000020D0D675000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: comctl32.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: crypt32.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: z:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: x:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: v:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: t:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: r:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: p:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: n:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: l:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: j:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: h:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: f:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: b:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: y:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: w:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: u:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: s:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: q:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: o:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: m:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: k:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: i:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: g:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: e:
Source: C:\Windows\explorer.exe File opened: c:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: a:
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 7_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405C49
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 7_2_00406873 FindFirstFileW,FindClose,7_2_00406873
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 7_2_0040290B FindFirstFileW,7_2_0040290B
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 12_2_00936EE1 FindFirstFileExW,FindNextFileW,FindClose,FindClose,12_2_00936EE1
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_003DF3F6 FindFirstFileExW,FindNextFileW,FindClose,FindClose,17_2_003DF3F6
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 28_2_00007FF7153BC1C0 FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,28_2_00007FF7153BC1C0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\Default\Local Storage\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\Default\Local Storage\leveldb\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_0037F410 InternetCheckConnectionW,InternetCheckConnectionW,InternetCheckConnectionW,RegCreateKeyW,RegSetKeyValueW,CloseHandle,17_2_0037F410
Source: Joe Sandbox View IP Address: 1.1.1.1 1.1.1.1
Source: Joe Sandbox View IP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 172.64.41.3 172.64.41.3
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1943436044.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1943436044.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000019.00000000.2467845224.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1943436044.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: nw.exe, 00000017.00000003.2663490135.000001C38C642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: explorer.exe, 00000019.00000000.2477474851.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000019.00000000.2471240768.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000019.00000000.2472425831.0000000008720000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
Source: nw.exe, 00000017.00000003.2663582422.000001C38C58A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFLWeightSlantThinExtraLightLightRegularMediumSemiBoldBoldExtraBoldBlack
Source: nw.exe, 00000017.00000003.2657872461.0000457E008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523356448.0000457E00082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: nw.exe, 00000017.00000003.2659325221.0000457E006C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: nw.exe, 00000017.00000003.2732773877.000001C38B263000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2663490135.000001C38C642000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2662749958.000001C38B263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: nw.exe, 00000017.00000003.2662634021.000001C38C6AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: nw.exe, 00000017.00000003.2663490135.000001C38C642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: nw.exe, 00000017.00000003.2662634021.000001C38C6AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: nw.exe, 00000017.00000003.2663490135.000001C38C642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: nw.exe, 00000017.00000003.2663490135.000001C38C642000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2662634021.000001C38C6AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: nw.exe, 00000017.00000003.2662266899.000001C38C77B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2662634021.000001C38C6AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: nw.exe, 00000017.00000003.2662266899.000001C38C77B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/r
Source: nw.exe, 00000017.00000003.2663582422.000001C38C527000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2663490135.000001C38C642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: nw.exe, 00000017.00000003.2659325221.0000457E006C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: nw.exe, 00000017.00000003.2663582422.000001C38C5F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: nw.exe, 00000017.00000003.2662266899.000001C38C77B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: nw.exe, 00000017.00000003.2663582422.000001C38C5F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cpsa
Source: nw.exe, 00000017.00000003.2657578769.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: nw.exe, 0000001C.00000002.2559881697.000002EC727C7000.00000002.00000001.00040000.00000028.sdmpString found in binary or memory: http://www.unicode.org/copyright.html
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AccountChooser
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AccountChooser/
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/P
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.html-
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: explorer.exe, 00000019.00000000.2488899266.000000000C893000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 00000019.00000000.2467845224.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 00000019.00000000.2467845224.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmr
Source: explorer.exe, 00000019.00000000.2488899266.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308o
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369-
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369D
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369q
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604y
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714i
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
Source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899H
Source: explorer.exe, 00000019.00000000.2474589836.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000019.00000000.2474589836.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 00000019.00000000.2463542187.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000019.00000000.2459864512.0000000001240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000019.00000000.2474589836.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000019.00000000.2474589836.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000019.00000000.2474589836.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: nw.exe, 00000017.00000003.2657578769.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10201
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000019.00000000.2467845224.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
Source: explorer.exe, 00000019.00000000.2467845224.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
Source: nw.exe, 00000012.00000003.2438675840.000001A5587A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GB
Source: nw.exe, 00000012.00000003.2438675840.000001A5587A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GB7~N
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
Source: nw.exe, 00000017.00000003.2657872461.0000457E00802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2522320630.0000457E00802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523032920.0000457E00102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: nw.exe, 00000017.00000003.2657872461.0000457E008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523356448.0000457E00082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#clear
Source: nw.exe, 00000017.00000003.2657872461.0000457E008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523831415.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2657872461.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523782741.0000457E00042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523356448.0000457E00082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: nw.exe, 00000017.00000003.2657872461.0000457E008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523356448.0000457E00082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count
Source: nw.exe, 00000017.00000003.2657872461.0000457E008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523356448.0000457E00082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: nw.exe, 00000017.00000003.2657872461.0000457E008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523356448.0000457E00082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: nw.exe, 00000017.00000003.2657872461.0000457E008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523356448.0000457E00082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#table
Source: nw.exe, nw.exe, 0000001C.00000000.2553810302.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001C.00000002.2564746716.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: https://crashpad.chromium.org/
Source: nw.exe, nw.exe, 0000001C.00000000.2553810302.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001C.00000002.2564746716.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: https://crashpad.chromium.org/bug/new
Source: nw.exe, 00000012.00000000.2392020416.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000013.00000000.2400076207.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000014.00000000.2405652249.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000015.00000000.2409912163.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000016.00000000.2438736245.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000017.00000000.2450573092.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001C.00000000.2553810302.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001C.00000002.2564746716.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: nw.exe, 00000017.00000003.2659325221.0000457E00902000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2522320630.0000457E00602000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523831415.0000457E00682000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1297276
Source: nw.exe, 00000017.00000003.2659325221.0000457E00902000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2522320630.0000457E00602000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523831415.0000457E00682000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1309302
Source: nw.exe, 00000017.00000003.2659325221.0000457E00902000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2522320630.0000457E00602000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523831415.0000457E00682000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523032920.0000457E000C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/701034
Source: nw.exe, 00000017.00000003.2657872461.0000457E008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523356448.0000457E00082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: nw.exe, 00000017.00000003.2732773877.000001C38B1CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/apps-themes
Source: nw.exe, 00000017.00000003.2732773877.000001C38B1CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/apps-themesCross-Origin-Resource-Policy:
Source: nw.exe, 00000017.00000003.2732773877.000001C38B1CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: nw.exe, 00000017.00000003.2657578769.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc7230#section-5.4
Source: nw.exe, 00000017.00000003.2523831415.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2657872461.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523782741.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dom.spec.whatwg.org/#interface-abortcontroller
Source: nw.exe, 00000017.00000003.2523831415.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2657872461.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523782741.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dom.spec.whatwg.org/#interface-eventtarget
Source: nw.exe, 00000017.00000003.2523831415.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2657872461.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523782741.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://encoding.spec.whatwg.org
Source: nw.exe, 00000017.00000003.2523831415.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2657872461.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523782741.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: nw.exe, 00000017.00000003.2523831415.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2657872461.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523782741.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: explorer.exe, 00000019.00000000.2488899266.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
Source: nw.exe, 00000017.00000003.2657872461.0000457E00802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2522320630.0000457E00802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523032920.0000457E00102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fetch.spec.whatwg.org/
Source: nw.exe, 00000017.00000003.2727741840.000001C38AF7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.go
Source: nw.exe, 00000017.00000003.2727741840.000001C38AF7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gogleapis.com/css2?family
Source: nw.exe, 00000017.00000003.2657872461.0000457E00802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2522320630.0000457E00802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523032920.0000457E00102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: nw.exe, 00000017.00000003.2523831415.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2657872461.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523782741.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#url
Source: nw.exe, 00000017.00000003.2523831415.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2657872461.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523782741.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: nw.exe, 00000017.00000003.2657872461.0000457E00802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2522320630.0000457E00802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523032920.0000457E00102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: nw.exe, 00000017.00000003.2657578769.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://v8.dev/blog/v8-release-89
Source: fast!.exe, fast!.exe, 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000000.2374020148.00000000003F0000.00000002.00000001.01000000.00000017.sdmp, nw.exe, 00000017.00000003.2661721917.00002AA000660000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2661395934.00002AA000650000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/
Source: nw.exe, 00000017.00000003.2659325221.0000457E00842000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/-
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1793792723.0000000003359000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/-end-point:
Source: nw.exe, 00000017.00000003.2727741840.000001C38AF7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io//pixel.gif
Source: nw.exe, 00000017.00000003.2732773877.000001C38B1CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io//pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=2.338&evt_src=produ
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1793792723.0000000003359000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/0
Source: SetupEngine.exe, 00000007.00000003.2384637411.000000000077A000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000002.2387457282.000000000077A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/3
Source: fast!.exe, 0000000F.00000003.2408566190.0000000003A21000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2412311193.0000000003A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/4
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1984474823.000000000335A000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1986199824.000000000335A000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1983677542.0000000003359000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/LMEMH
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1984474823.000000000335A000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1986199824.000000000335A000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1983677542.0000000003359000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/LMEMHP~s
Source: SetupEngine.exe, 00000007.00000002.2389120599.0000000004711000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384038878.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384927105.0000000004710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/X
Source: fast!.exe, 0000000F.00000003.2412070043.00000000009C2000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2437582699.00000000009C2000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2408239351.00000000009C2000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2416152548.00000000009C2000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2522479184.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/api/fast.php?a=configList&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=2.33
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1985098357.0000000000658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/c
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1985098357.0000000000658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/download.php?engine=1&guid=
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1983677542.0000000003359000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/download.php?engine=1&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169
Source: SetupEngine.exe, 00000007.00000002.2389120599.0000000004711000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384038878.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384927105.0000000004710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/indows.storage.dlll
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1985098357.0000000000658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/inst_cpg.php?src=fast_mini&guid=
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1985098357.0000000000658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/inst_cpg.php?src=fast_mini&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=17095
Source: SetupEngine.exe, 00000007.00000002.2386694111.0000000000730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=
Source: SetupEngine.exe, 00000007.00000002.2387457282.00000000007D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
Source: SetupEngine.exe, 00000007.00000002.2389120599.0000000004711000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384038878.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384927105.0000000004710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348/
Source: SetupEngine.exe, 00000007.00000003.2384637411.00000000007D2000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000002.2387457282.00000000007D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=17095471691733484Z
Source: SetupEngine.exe, 00000007.00000003.2359278283.0000000004701000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348C
Source: SetupEngine.exe, 00000007.00000003.2359278283.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384038878.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000002.2388738537.0000000004701000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348E
Source: SetupEngine.exe, 00000007.00000003.2384637411.00000000007D2000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000002.2387457282.00000000007D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348G)
Source: SetupEngine.exe, 00000007.00000002.2386694111.0000000000730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348L
Source: SetupEngine.exe, 00000007.00000003.2359278283.0000000004701000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348U
Source: SetupEngine.exe, 00000007.00000003.2385087371.000000000472B000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2359278283.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384038878.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384927105.0000000004710000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000002.2389167199.000000000472C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348aC
Source: SetupEngine.exe, 00000007.00000002.2386694111.0000000000730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348j
Source: SetupEngine.exe, 00000007.00000003.2359278283.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384038878.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384637411.00000000007D2000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000002.2388738537.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000002.2387457282.00000000007D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348o
Source: SetupEngine.exe, 00000007.00000003.2359278283.0000000004701000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348p
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1985098357.0000000000658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installing.html?guid=
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1984508908.00000000006EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installing.html?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
Source: nw.exe, 00000017.00000003.2660925900.0000457E00102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/keys/71434D56-1548-ED3D-AEE6-C75AECD93BF0.license
Source: nw.exe, 00000017.00000003.2660925900.0000457E00102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/keys/71434D56-1548-ED3D-AEE6-C75AECD93BF0.license5
Source: nw.exe, 00000017.00000003.2660925900.0000457E00102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/keys/71434D56-1548-ED3D-AEE6-C75AECD93BF0.licensed
Source: fast!.exe, 0000000F.00000003.2426253745.0000000003A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/on
Source: fast!.exe, 0000000F.00000003.2426253745.0000000003A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/onh
Source: fast!.exe, 0000000F.00000003.2437459395.0000000003A1D000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2426253745.0000000003A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/onz
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1985148734.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1984508908.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384038878.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000002.2388738537.0000000004701000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/p
Source: SetupEngine.exe, 00000007.00000002.2386694111.0000000000730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/pixel.gif?guid=
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1985098357.0000000000658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/pixel.gif?guid=&version=&evt_src=installer&evt_action=cancel
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1984665221.000000000336F000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1985148734.00000000006DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348&evt_s
Source: SetupEngine.exe, 00000007.00000003.2384038878.00000000046B9000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2359136905.00000000046A2000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2189978143.00000000046E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348&versi
Source: fast!.exe, 0000000F.00000003.2408176233.0000000000A03000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2409038758.0000000000A17000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2459688144.0000000000A12000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2437510630.0000000000A10000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2432450747.0000000000A19000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2427611945.0000000000A19000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2408494061.0000000000A14000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2437017883.0000000000A10000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2401529583.00000000039EC000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2456798040.0000000000A11000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2521823398.0000000000A14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=2.338&evt_src=Fast
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1985098357.0000000000658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/privacy.html?guid=By
Source: SetupEngine.exe, 00000007.00000002.2386694111.0000000000730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/register.php?guid=
Source: SetupEngine.exe, 00000007.00000002.2388738537.00000000046DD000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2359136905.00000000046B9000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2359136905.00000000046DD000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000002.2388738537.00000000046B9000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384038878.00000000046B9000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384038878.00000000046DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/register.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348&ch
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1985098357.0000000000658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/tos.html?guid=
Source: nw.exe, 00000017.00000003.2523831415.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2657872461.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523782741.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/FileAPI/#creating-revoking
Source: nw.exe, 00000017.00000003.2660658347.0000457E005AF000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2661191712.0000457E00542000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/resource-timing/#dom-performance-setresourcetimingbuffersize
Source: nw.exe, 00000017.00000003.2659325221.0000457E006C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2661191712.0000457E00502000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webcrypto/#algorithm-normalization-normalize-an-algorithm
Source: nw.exe, 00000017.00000003.2657872461.0000457E00802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2522320630.0000457E00802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523032920.0000457E00102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webassembly.github.io/spec/web-api
Source: nw.exe, 00000017.00000003.2523831415.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2657872461.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523782741.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#Exposed
Source: nw.exe, 00000017.00000003.2523831415.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2657872461.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523782741.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#Exposed.
Source: nw.exe, 00000017.00000003.2657872461.0000457E008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523356448.0000457E00082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#abstract-opdef-converttoint
Source: nw.exe, 00000017.00000003.2657872461.0000457E008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523356448.0000457E00082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#abstract-opdef-integerpart
Source: nw.exe, 00000017.00000003.2657872461.0000457E008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523356448.0000457E00082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#es-DOMString
Source: nw.exe, 00000017.00000003.2657578769.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000019.00000000.2488899266.000000000C557000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 00000019.00000000.2488899266.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
Source: nw.exe, 00000017.00000003.2523831415.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2657872461.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523782741.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/tokenYxABg
Source: nw.exe, 00000017.00000003.2729737803.000001C349FAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: nw.exe, 00000017.00000003.2660658347.0000457E005AF000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2661191712.0000457E00542000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000019.00000000.2467845224.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
Source: explorer.exe, 00000019.00000000.2467845224.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
Source: explorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
Source: nw.exe, 00000017.00000003.2657578769.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc6266#section-4.3
Source: nw.exe, 00000017.00000003.2657578769.0000457E00042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc9110#section-5.2
Source: nw.exe, 00000017.00000003.2727741840.000001C38AF7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004056DE
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00385860 GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetTickCount64,GetTickCount64,17_2_00385860
Source: C:\Program Files (x86)\Fast!\fast!.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe Code function: 10_2_00951446 NtQuerySystemInformation,NtQuerySystemInformation,10_2_00951446
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_003946A0 OpenProcess,GetPriorityClass,NtQueryInformationProcess,17_2_003946A0
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00394945 NtQueryInformationProcess,GetProcessPriorityBoost,NtQueryInformationProcess,17_2_00394945
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00390EF0 OpenProcess,NtSetInformationProcess,GetTickCount64,17_2_00390EF0
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00385600 OpenProcess,NtSetInformationProcess,17_2_00385600
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00385F50 OpenProcess,NtSetInformationProcess,GetTickCount64,17_2_00385F50
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe Code function: 10_2_00951085: CreateEventA,GetLastError,DeviceIoControl,GetLastError,WaitForSingleObject,GetLastError,CloseHandle,10_2_00951085
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 12_2_00922B30 WTSGetActiveConsoleSessionId,WaitForSingleObject,WTSGetActiveConsoleSessionId,WTSQueryUserToken,GetTokenInformation,GetLastError,GetLastError,wsprintfW,wsprintfW,DuplicateTokenEx,wsprintfW,wsprintfW,ConvertStringSidToSidW,wsprintfW,GetLengthSid,SetTokenInformation,wsprintfW,CloseHandle,wsprintfW,CreateProcessAsUserW,CloseHandle,CloseHandle,DestroyEnvironmentBlock,CloseHandle,CloseHandle,GetLastError,wsprintfW,DestroyEnvironmentBlock,CloseHandle,CloseHandle,GetLastError,wsprintfW,CloseHandle,CloseHandle,GetLastError,wsprintfW,12_2_00922B30
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 7_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,7_2_0040352D
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeFile created: C:\Windows\SystemTemp\nw1904_698831813
Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll 7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: String function: 003C586B appears 63 times
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: String function: 003ADC9B appears 33 times
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: String function: 003C5E20 appears 45 times
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: String function: 003C5838 appears 108 times
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: String function: 00362940 appears 82 times
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: String function: 00362C70 appears 81 times
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: String function: 0092B9D0 appears 38 times
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe Code function: String function: 0095834C appears 49 times
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe Code function: String function: 0094C52F appears 37 times
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe Code function: String function: 00949AB6 appears 47 times
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: String function: 00007FF715345C64 appears 377 times
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: String function: 00007FF71534211D appears 33 times
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: String function: 00007FF7153A4380 appears 31 times
Source: nw.dll.7.dr Static PE information: Number of sections : 16 > 10
Source: vk_swiftshader.dll.7.dr Static PE information: Number of sections : 12 > 10
Source: ffmpeg.dll.7.dr Static PE information: Number of sections : 12 > 10
Source: libEGL.dll.7.dr Static PE information: Number of sections : 13 > 10
Source: node.dll.7.dr Static PE information: Number of sections : 12 > 10
Source: vulkan-1.dll.7.dr Static PE information: Number of sections : 12 > 10
Source: nw_elf.dll.7.dr Static PE information: Number of sections : 15 > 10
Source: nw.exe.7.dr Static PE information: Number of sections : 14 > 10
Source: libGLESv2.dll.7.dr Static PE information: Number of sections : 13 > 10
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1984838346.000000000040A000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameinetc.dllF vs 9c23f857-b0b9-47d6-b664-47a3132066f4.exe
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: mlang.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: policymanager.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: msvcp110_win.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: winsta.dllJump to behavior
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: amsi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: mscms.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: windows.internal.graphics.display.displaycolormanagement.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: webio.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: edputil.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: appresolver.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: bcp47langs.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: slc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: sppc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: amsi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kbdus.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: twinapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.ui.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: inputhost.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winsta.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mmdevapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mscms.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dsreg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wpnapps.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rmclient.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: xmllite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: usermgrcli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.media.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wlanapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: firewallapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: fwbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dataexchange.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: explorerframe.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: atlthunk.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: directmanipulation.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wlanapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: linkinfo.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: pcpksp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: tbs.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ncryptprov.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: amsi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mfplat.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rtworkq.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: node.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: node.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwritecore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: napinsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: pnrpnsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wshbth.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winrnr.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: amsi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wscapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: srvcli.dll
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal40.spyw.evad.winEXE@54/364@0/23
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 28_2_00007FF715345FB0 FormatMessageA,GetLastError,28_2_00007FF715345FB0
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeCode function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeCode function: 7_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,7_2_0040352D
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exeCode function: 10_2_00951175 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueA,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,FindCloseChangeNotification,10_2_00951175
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_0037F090 LookupPrivilegeValueW,GetLastError,GetCurrentProcess,OpenProcessToken,GetLastError,AdjustTokenPrivileges,GetLastError,CloseHandle,17_2_0037F090
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeCode function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_0040498A
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_009223A0 WTSGetActiveConsoleSessionId,WaitForSingleObject,CloseHandle,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetLastError,Sleep,Sleep,12_2_009223A0
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00363460 LoadResource,LockResource,SizeofResource,17_2_00363460
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_009228D0 StartServiceCtrlDispatcherW,GetLastError,12_2_009228D0
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeFile created: C:\Program Files (x86)\Fast!
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeFile created: C:\Users\user\AppData\Local\FAST!
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7992:120:WilError_03
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ChromeProcessSingletonStartup!
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeFile created: C:\Users\user\AppData\Local\Temp\nsb237B.tmp
Source: C:\Program Files (x86)\Fast!\fast!.exeCommand line argument: /noui17_2_003A1610
Source: C:\Program Files (x86)\Fast!\fast!.exeCommand line argument: Local\fast!17_2_003A1610
Source: C:\Program Files (x86)\Fast!\fast!.exeCommand line argument: ui\.17_2_003A1610
Source: C:\Program Files (x86)\Fast!\fast!.exeCommand line argument: nwjs\nw17_2_003A1610
Source: C:\Program Files (x86)\Fast!\fast!.exeCommand line argument: open17_2_003A1610
Source: C:\Program Files (x86)\Fast!\fast!.exeCommand line argument: >|>17_2_003E7B90
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Program Files\Google\Chrome\Application\chrome.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exeVirustotal: Detection: 16%
Source: diskspd.exeString found in binary or memory: <LoadImage>%I64u</LoadImage>
Source: diskspd.exeString found in binary or memory: Error creating/opening wait-for-start event: '%s'
Source: diskspd.exeString found in binary or memory: Error creating/opening force-stop event: '%s'
Source: nw.exeString found in binary or memory: Try '%ls --help' for more information.
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeFile read: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
Source: unknownProcess created: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1848,i,2207139316729588946,8923005645512885988,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeProcess created: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe "C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\user\AppData\Local\FAST!\Temp\dskres.xml
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
Source: unknownProcess created: C:\Program Files (x86)\Fast!\FastSRV.exe C:\Program Files (x86)\Fast!\FastSRV.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 --field-trial-handle=2000,i,3858328965028231226,10247695033159646713,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Fast!\FastSRV.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\fast!\fast!.exe
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\Fast!\Fast!.exe
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x238,0x23c,0x240,0x210,0x244,0x7ffe0054a970,0x7ffe0054a980,0x7ffe0054a990
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1732 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2216 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=2428 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files (x86)\Fast!\nwjs\gen" --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1709714839247985 --launch-time-ticks=3885297285 --mojo-platform-channel-handle=3152 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:1
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3984 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3864 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3768 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Fast!.lnk.7.drLNK file: ..\..\..\Program Files (x86)\Fast!\fast!.exe
Source: Uninstall.lnk.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Fast!\uninstaller.exe
Source: Fast!.lnk0.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Fast!\fast!.exe
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeAutomated click: Next >
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exeStatic PE information: certificate valid
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: UxTheme.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\nw_elf.dll.pdb[jV source: nw.exe, 00000013.00000003.2420497627.0000020D0D672000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2424946884.0000020D0D68D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2420140044.0000020D0D664000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2422579957.0000020D0D675000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winsta.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: w.dll.pdbV source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bcrypt.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\nw.dll.pdb source: nw.exe, 00000013.00000003.2420497627.0000020D0D672000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2424946884.0000020D0D68D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2420140044.0000020D0D664000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2422579957.0000020D0D675000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcrt.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WindowManagementAPI.pdbWindows.UI.pdbi source: nw.exe, 00000013.00000003.2432160354.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: advapi32.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscms.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntmarta.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: CLBCatQ.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ,ColorAdapterClient.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: &Windows.Storage.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: shlwapi.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: dpapi.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: imm32.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: kernel32.pdb source: nw.exe, 00000013.00000003.2427003235.0000020D0B8B9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2426209108.0000020D0B8B9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431582153.0000020D0B8B9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431829275.0000020D0B8BB000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_sdk_win64\node-webkit\src\outst\nw\initialexe\nw.exe.pdb source: nw.exe, 00000012.00000000.2392020416.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000013.00000000.2400076207.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000013.00000003.2432456284.0000020D0B87A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427721589.0000020D0B87A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000014.00000000.2405652249.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000015.00000000.2409912163.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000016.00000000.2438736245.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000017.00000000.2450573092.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001C.00000000.2553810302.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001C.00000002.2564746716.00007FF7154C5000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: wkscli.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Windows.Media.pdb source: nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws2_32.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: InputHost.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winspool.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: iphlpapi.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wpnapps.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: nsi.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winmm.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: "CoreMessaging.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: gpapi.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: powrprof.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ole32.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_vfs_2.338_D20240227T105637\veryfast.io\FastSRV\Release\FastSRV.pdb source: FastSRV.exe, 0000000C.00000000.2359778499.000000000093F000.00000002.00000001.01000000.00000016.sdmp, FastSRV.exe, 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: ThreadPoolForegroundWorkernapi.appcore.pdbA source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432456284.0000020D0B874000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Windows.UI.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msasn1.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdb.dll=jp source: nw.exe, 00000013.00000003.2420497627.0000020D0D672000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2424946884.0000020D0D68D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2420140044.0000020D0D664000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2422579957.0000020D0D675000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: DWrite.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: napi.appcore.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432456284.0000020D0B874000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: cfgmgr32.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432456284.0000020D0B874000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: combase.pdb source: nw.exe, 00000012.00000003.2438675840.000001A5587C8000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ,TextInputFramework.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: secur32.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\rs1.obj.x86fre\sdktools\srvperf\diskspd.oss\cmdrequestcreator\objfre\i386\diskspd.pdbGCTL source: diskspd.exe, 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp
Source: Binary string: netutils.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: kernelbase.pdb source: nw.exe, 00000013.00000003.2427003235.0000020D0B8B9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2426209108.0000020D0B8B9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431582153.0000020D0B8B9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431829275.0000020D0B8BB000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: UMPDC.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WinTypes.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ,ColorAdapterClient.pdb] source: nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: dhcpcsvc.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rpcrt4.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WindowManagementAPI.pdb source: nw.exe, 00000013.00000003.2432160354.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2425785178.0000020D0D63A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427264530.0000020D0D63A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msctf.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: shcore.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: &twinapi.appcore.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MMDevAPI.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: shell32.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sspicli.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ts.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432456284.0000020D0B874000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcp_win.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: dnsapi.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432456284.0000020D0B874000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: userenv.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\nw_elf.dll.pdb source: nw.exe, 00000013.00000003.2420497627.0000020D0D672000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2424946884.0000020D0D68D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2420140044.0000020D0D664000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2422579957.0000020D0D675000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\nw.dll.pdbt.dllj source: nw.exe, 00000013.00000003.2420497627.0000020D0D672000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2424946884.0000020D0D68D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2420140044.0000020D0D664000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2422579957.0000020D0D675000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: setupapi.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: nlaapi.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\rs1.obj.x86fre\sdktools\srvperf\diskspd.oss\cmdrequestcreator\objfre\i386\diskspd.pdb source: diskspd.exe, diskspd.exe, 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp
Source: Binary string: winhttp.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_vfs_2.338_D20240227T105637\veryfast.io\proc_booster\Release-Booster\proc_booster.pdb source: fast!.exe, 0000000F.00000000.2364649207.00000000003F0000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000000.2374020148.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: gdi32full.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winmm.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: tFramework.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432456284.0000020D0B874000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: devobj.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: (CoreUIComponents.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: RmClient.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432456284.0000020D0B874000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: dbghelp.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: UMPDC.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System32\wpnapps.dlltFramework.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432456284.0000020D0B874000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: fmpeg.dll.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_vfs_2.338_D20240227T105637\veryfast.io\proc_booster\Release-Booster\proc_booster.pdb_ source: fast!.exe, 0000000F.00000000.2364649207.00000000003F0000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000000.2374020148.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: gdi32.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: dhcpcsvc6.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432456284.0000020D0B874000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: profapi.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: nw.exe, 00000013.00000003.2427003235.0000020D0B8B9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2426209108.0000020D0B8B9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431582153.0000020D0B8B9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431829275.0000020D0B8BB000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WLDP.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WindowManagementAPI.pdbows.UI.dll resources* source: nw.exe, 00000013.00000003.2425785178.0000020D0D63A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427264530.0000020D0D63A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sechost.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\zak\Downloads\Inetc\Unicode\Plugins\inetc.pdb source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1984838346.000000000040A000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: propsys.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: $Kernel.Appcore.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System32\CoreMessaging.dllts.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432456284.0000020D0B874000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msctf.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: version.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: (CoreUIComponents.pdb)* source: nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wintrust.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: (bcryptprimitives.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscms.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: user32.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: twinapi.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: w.dll.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: cryptbase.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wtsapi32.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: oleaut32.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2420497627.0000020D0D672000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2424946884.0000020D0D68D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2420140044.0000020D0D664000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2422579957.0000020D0D675000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: comctl32.pdb source: nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427419179.0000020D0B877000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: crypt32.pdb source: nw.exe, 00000013.00000003.2427903718.0000020D0B86F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423845497.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427449321.0000020D0B86C000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2431545246.0000020D0B870000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2432160354.0000020D0B872000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2427824316.0000020D0B86E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2423951893.0000020D0D804000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00380BA0 LoadLibraryW,GetProcAddress,GetProcAddress,FreeLibrary,17_2_00380BA0
Source: Banner.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x15b3
Source: System.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x3d68
Source: System.dll.7.drStatic PE information: real checksum: 0x0 should be: 0x3d68
Source: libGLESv2.dll0.7.drStatic PE information: real checksum: 0x0 should be: 0x1f9bbb
Source: vk_swiftshader.dll.7.drStatic PE information: real checksum: 0x0 should be: 0x45629c
Source: nsJSON.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x6718
Source: nsExec.dll.7.drStatic PE information: real checksum: 0x0 should be: 0xde0c
Source: ffmpeg.dll.7.drStatic PE information: real checksum: 0x0 should be: 0x1ffb7a
Source: inetc.dll.7.drStatic PE information: real checksum: 0x0 should be: 0x13c41
Source: libEGL.dll0.7.drStatic PE information: real checksum: 0x0 should be: 0x25219
Source: SimpleSC.dll.7.drStatic PE information: real checksum: 0x0 should be: 0x1119d4
Source: libEGL.dll.7.drStatic PE information: real checksum: 0x0 should be: 0x72fff
Source: vulkan-1.dll.7.drStatic PE information: real checksum: 0x0 should be: 0xe54f7
Source: uninstaller.exe.7.drStatic PE information: real checksum: 0x7cf6bcb should be: 0x77b67
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exeStatic PE information: real checksum: 0x2586f should be: 0x20a0c
Source: nw_elf.dll.7.drStatic PE information: real checksum: 0x0 should be: 0x1203a0
Source: libGLESv2.dll.7.drStatic PE information: real checksum: 0x0 should be: 0x69cd14
Source: inetc.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x13c41
Source: nsDialogs.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x2f9b
Source: SimpleSC.dll.7.drStatic PE information: section name: .didata
Source: ffmpeg.dll.7.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll.7.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll.7.drStatic PE information: section name: .retplne
Source: ffmpeg.dll.7.drStatic PE information: section name: .voltbl
Source: ffmpeg.dll.7.drStatic PE information: section name: _RDATA
Source: libEGL.dll.7.drStatic PE information: section name: .00cfg
Source: libEGL.dll.7.drStatic PE information: section name: .gxfg
Source: libEGL.dll.7.drStatic PE information: section name: .retplne
Source: libEGL.dll.7.drStatic PE information: section name: .voltbl
Source: libEGL.dll.7.drStatic PE information: section name: _RDATA
Source: libEGL.dll.7.drStatic PE information: section name: malloc_h
Source: libGLESv2.dll.7.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.7.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.7.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.7.drStatic PE information: section name: .voltbl
Source: libGLESv2.dll.7.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.7.drStatic PE information: section name: malloc_h
Source: node.dll.7.drStatic PE information: section name: .00cfg
Source: node.dll.7.drStatic PE information: section name: .gxfg
Source: node.dll.7.drStatic PE information: section name: .retplne
Source: node.dll.7.drStatic PE information: section name: .voltbl
Source: node.dll.7.drStatic PE information: section name: _RDATA
Source: nw.dll.7.drStatic PE information: section name: .00cfg
Source: nw.dll.7.drStatic PE information: section name: .gxfg
Source: nw.dll.7.drStatic PE information: section name: .retplne
Source: nw.dll.7.drStatic PE information: section name: .rodata
Source: nw.dll.7.drStatic PE information: section name: .voltbl
Source: nw.dll.7.drStatic PE information: section name: CPADinfo
Source: nw.dll.7.drStatic PE information: section name: LZMADEC
Source: nw.dll.7.drStatic PE information: section name: _RDATA
Source: nw.dll.7.drStatic PE information: section name: malloc_h
Source: nw.exe.7.drStatic PE information: section name: .00cfg
Source: nw.exe.7.drStatic PE information: section name: .gxfg
Source: nw.exe.7.drStatic PE information: section name: .retplne
Source: nw.exe.7.drStatic PE information: section name: .voltbl
Source: nw.exe.7.drStatic PE information: section name: CPADinfo
Source: nw.exe.7.drStatic PE information: section name: _RDATA
Source: nw.exe.7.drStatic PE information: section name: malloc_h
Source: nw_elf.dll.7.drStatic PE information: section name: .00cfg
Source: nw_elf.dll.7.drStatic PE information: section name: .crthunk
Source: nw_elf.dll.7.drStatic PE information: section name: .gxfg
Source: nw_elf.dll.7.drStatic PE information: section name: .retplne
Source: nw_elf.dll.7.drStatic PE information: section name: .voltbl
Source: nw_elf.dll.7.drStatic PE information: section name: CPADinfo
Source: nw_elf.dll.7.drStatic PE information: section name: _RDATA
Source: nw_elf.dll.7.drStatic PE information: section name: malloc_h
Source: vk_swiftshader.dll.7.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.7.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.7.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.7.drStatic PE information: section name: .voltbl
Source: vk_swiftshader.dll.7.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.7.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.7.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.7.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.7.drStatic PE information: section name: .voltbl
Source: vulkan-1.dll.7.drStatic PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exeCode function: 10_2_0095D0E7 push ecx; ret 10_2_0095D0FA
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exeCode function: 10_2_0095D7A9 push ecx; ret 10_2_0095D7BC
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_0092B35E push ecx; ret 12_2_0092B371
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_003C5815 push ecx; ret 17_2_003C5828
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 28_2_00007FF715382497 push rbp; ret 28_2_00007FF715382498
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 30_2_00007FF715382497 push rbp; ret 30_2_00007FF715382498

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exeCode function: __EH_prolog3_GS,srand,GetCurrentThread,SetThreadGroupAffinity,atoi,sprintf_s,isalpha,sprintf_s,CreateFileA,SetFileInformationByHandle,GetFileSize,GetLastError,__aulldiv,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,GetLastError,GetLastError,GetLastError,WaitForSingleObject,GetLastError,Sleep,ReadFile,WriteFile,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,CreateIoCompletionPort,GetLastError,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WaitForSingleObject,VirtualFree,FindCloseChangeNotification,CloseHandle,??3@YAXPAX@Z, \\.\PhysicalDrive%u10_2_00951F60
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\nwjs\node.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\nwjs\nw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\nwjs\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exeJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeFile created: C:\Users\user\AppData\Local\Temp\nsb237C.tmp\nsJSON.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\SimpleSC.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\nwjs\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\uninstaller.exeJump to dropped file
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeFile created: C:\Users\user\AppData\Local\Temp\nsb237C.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\fast!.exeJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\FastSRV.exeJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeFile created: C:\Users\user\AppData\Local\Temp\nsb237C.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeFile created: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeJump to dropped file
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeFile created: C:\Users\user\AppData\Local\Temp\nsb237C.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\nwjs\vulkan-1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\nwjs\nw.exeJump to dropped file
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeFile created: C:\Program Files (x86)\Fast!\nwjs\nw_elf.dllJump to dropped file
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeFile created: C:\Users\user\AppData\Local\Temp\nsb237C.tmp\Banner.dllJump to dropped file

Boot Survival

Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe Code function: __EH_prolog3_GS,srand,GetCurrentThread,SetThreadGroupAffinity,atoi,sprintf_s,isalpha,sprintf_s,CreateFileA,SetFileInformationByHandle,GetFileSize,GetLastError,__aulldiv,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,GetLastError,GetLastError,GetLastError,WaitForSingleObject,GetLastError,Sleep,ReadFile,WriteFile,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,CreateIoCompletionPort,GetLastError,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WaitForSingleObject,VirtualFree,FindCloseChangeNotification,CloseHandle,??3@YAXPAX@Z, \\.\PhysicalDrive%u 10_2_00951F60
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast!
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast!\Uninstall.lnk
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast!\Fast!.lnk
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 12_2_009228D0 StartServiceCtrlDispatcherW,GetLastError,12_2_009228D0
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\fast!.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files (x86)\Fast!\FastSRV.exe Stalling execution: Execution stalls by calling Sleep graph_12-14755
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Program Files (x86)\Fast!\fast!.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId, ServiceType FROM Win32_Service
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 28_2_00007FF715343758 rdtsc 28_2_00007FF715343758
Source: C:\Program Files (x86)\Fast!\fast!.exe Window / User API: threadDelayed 2568
Source: C:\Program Files (x86)\Fast!\fast!.exe Window / User API: threadDelayed 4943
Source: C:\Program Files (x86)\Fast!\fast!.exe Window / User API: foregroundWindowGot 708
Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 376
Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 357
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libEGL.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb237C.tmp\nsDialogs.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\inetc.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\vk_swiftshader.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\nw.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\System.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb237C.tmp\System.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb237C.tmp\inetc.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\libEGL.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\SimpleSC.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb237C.tmp\nsJSON.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\vulkan-1.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\uninstaller.exe
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb237C.tmp\Banner.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_17-58858
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_12-14779
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 12_2_00921D20 WTSGetActiveConsoleSessionId,WaitForSingleObject,CloseHandle,CreateToolhelp32Snapshot,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetLastError,Sleep,Sleep,GetProcessTimes,GetSystemTimeAsFileTime,Sleep,InitializeCriticalSectionEx,GetLastError,12_2_00921D20
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_12-14790
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe API coverage: 7.2 %
Source: C:\Program Files (x86)\Fast!\fast!.exe API coverage: 7.5 %
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe API coverage: 3.9 %
Source: C:\Windows\System32\svchost.exe TID: 7452 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 3520 Thread sleep count: 2568 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 3520 Thread sleep time: -2568000s >= -30000s
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 3520 Thread sleep count: 48 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 3520 Thread sleep count: 108 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 3520 Thread sleep count: 76 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 3520 Thread sleep count: 100 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 3520 Thread sleep count: 157 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 3520 Thread sleep count: 52 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 3520 Thread sleep count: 31 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 3520 Thread sleep count: 36 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 3520 Thread sleep count: 4943 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 3520 Thread sleep time: -4943000s >= -30000s
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Product FROM Win32_BaseBoard
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Version FROM Win32_BIOS
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Program Files (x86)\Fast!\fast!.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File Volume queried: C:\Users\user\AppData\Local\FAST!\User Data\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File Volume queried: C:\Users\user\AppData\Local\FAST!\User Data\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File Volume queried: C:\Users\user\AppData\Local\FAST!\User Data\Default\blob_storage\56548bbc-8cb2-49ee-9799-b7418d827c08 FullSizeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File Volume queried: C:\Users\user\AppData\Local\FAST!\User Data\Default FullSizeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File Volume queried: C:\Users\user\AppData\Local\FAST!\User Data\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 7_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405C49
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 7_2_00406873 FindFirstFileW,FindClose,7_2_00406873
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 7_2_0040290B FindFirstFileW,7_2_0040290B
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 12_2_00936EE1 FindFirstFileExW,FindNextFileW,FindClose,FindClose,12_2_00936EE1
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_003DF3F6 FindFirstFileExW,FindNextFileW,FindClose,FindClose,17_2_003DF3F6
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 28_2_00007FF7153BC1C0 FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,28_2_00007FF7153BC1C0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 28_2_00007FF715344688 GetSystemInfo,28_2_00007FF715344688
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\Default\Local Storage\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\Default\Local Storage\leveldb\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\
Source: SetupEngine.exe, 00000007.00000003.2190131121.00000000046C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: el.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348&version=2.338&evt_src=installer&evt_action=systeminfo&dsk_iosec=64503&dsk_mbsec=251&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=2C19DK&gpu_ram=0&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=8DVXF2SE%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+0005
Source: SetupEngine.exe, 00000007.00000003.2189978143.00000000046E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348&version=2.338&evt_src=installer&evt_action=systeminfo&dsk_iosec=64503&dsk_mbsec=251&os_name=Microsoft Windows 10 Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=2C19DK&gpu_ram=0&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=8DVXF2SE SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000$H
Source: SetupEngine.exe, 00000007.00000003.2180449638.00000000046E6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: |&dsk_iosec=64503&dsk_mbsec=251&os_name=Microsoft Windows 10 Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=2C19DK&gpu_ram=0&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=8DVXF2SE SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=
Source: SetupEngine.exe, 00000007.00000003.2384637411.000000000077A000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000002.2387457282.000000000077A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWz
Source: SetupEngine.exe, 00000007.00000003.2179143422.00000000046DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &dsk_iosec=64503&dsk_mbsec=251&os_name=Microsoft Windows 10 Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=2C19DK
Source: SetupEngine.exe, 00000007.00000003.2179804809.00000000046E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: |&dsk_iosec=64503&dsk_mbsec=251&os_name=Microsoft Windows 10 Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=2C19DK&gpu_ram=0&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=8DVXF2SE SCSI Disk Device
Source: SetupEngine.exe, 00000007.00000003.2189978143.00000000046D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: https://veryfast.io/pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348&version=2.338&evt_src=installer&evt_action=systeminfo&dsk_iosec=64503&dsk_mbsec=251&os_name=Microsoft Windows 10 Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=2C19DK&gpu_ram=0&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=8DVXF2SE SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1985148734.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1985148734.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1984508908.00000000006C7000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1984508908.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384637411.000000000077A000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000002.2387457282.000000000077A000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2412070043.00000000009C2000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2437582699.00000000009C2000.00000004.00000020.00020000.00000000.sdmp, fast!.exe, 0000000F.00000003.2408239351.00000000009C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: SetupEngine.exe, 00000007.00000003.2190146043.00000000046BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348&version=2.338&evt_src=installer&evt_action=systeminfo&dsk_iosec=64503&dsk_mbsec=251&os_name=Microsoft Windows 10 Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=2C19DK&gpu_ram=0&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=8DVXF2SE SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1
Source: explorer.exe, 00000019.00000000.2476864058.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeAPI call chain: ExitProcess graph end nodegraph_0-3453
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeAPI call chain: ExitProcess graph end nodegraph_7-3508
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeProcess information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_10-5569
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 28_2_00007FF715343758 rdtsc 28_2_00007FF715343758
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_0092F867 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_0092F867
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00380BA0 LoadLibraryW,GetProcAddress,GetProcAddress,FreeLibrary,17_2_00380BA0
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_00937DDA GetProcessHeap,12_2_00937DDA
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exeCode function: 10_2_0095D5FA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_0095D5FA
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_0092F867 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_0092F867
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_0092B962 SetUnhandledExceptionFilter,12_2_0092B962
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_0092B5F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_0092B5F0
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_0092B7FD IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_0092B7FD
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_003CA183 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_003CA183
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_003C53CD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_003C53CD
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_003C5C14 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_003C5C14
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_003C5DA7 SetUnhandledExceptionFilter,17_2_003C5DA7
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 28_2_00007FF715489548 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_00007FF715489548
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 28_2_00007FF7154B5BCC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_00007FF7154B5BCC
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: WTSGetActiveConsoleSessionId,WaitForSingleObject,CloseHandle,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetLastError,Sleep,Sleep, explorer.exe12_2_009223A0
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: WTSGetActiveConsoleSessionId,WaitForSingleObject,CloseHandle,CreateToolhelp32Snapshot,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetLastError,Sleep,Sleep,GetProcessTimes,GetSystemTimeAsFileTime,Sleep,InitializeCriticalSectionEx,GetLastError, explorer.exe12_2_00921D20
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\user\AppData\Local\FAST!\Temp\dskres.xml
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x238,0x23c,0x240,0x210,0x244,0x7ffe0054a970,0x7ffe0054a980,0x7ffe0054a990
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1732 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2216 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=2428 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files (x86)\Fast!\nwjs\gen" --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1709714839247985 --launch-time-ticks=3885297285 --mojo-platform-channel-handle=3152 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:1
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3984 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3864 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3768 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\fast!\user data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\fast!\user data\crashpad" "--metrics-dir=c:\users\user\appdata\local\fast!\user data" --annotation=plat=win64 --annotation=prod=fast! --annotation=ver= --initial-client-data=0x238,0x23c,0x240,0x210,0x244,0x7ffe0054a970,0x7ffe0054a980,0x7ffe0054a990
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1732 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2216 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --no-sandbox --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --mojo-platform-channel-handle=2428 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=renderer --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=c:\program files (x86)\fast!\nwjs\gen" --no-zygote --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1709714839247985 --launch-time-ticks=3885297285 --mojo-platform-channel-handle=3152 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:1
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.processormetrics --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --mojo-platform-channel-handle=3984 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.utilwin --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --mojo-platform-channel-handle=3864 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.utilwin --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --mojo-platform-channel-handle=3768 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Source: fast!.exe, 0000000F.00000000.2364649207.00000000003F0000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000000.2374020148.00000000003F0000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: 8...windowsinstallerwindows explorernwjspowershellvolume mixersetupfast!system traytask managerfolderviewwindows shellprogram managerwindows host processdefendersearch ControlPanelFileExplorerConsoleWindowHostMicrosoftEdgeWebView2HostProcessforWindowsTasksPickanappFilePickerUIHostCOMSurrogateLocationNotificationWindowsCommandProcessorPickanapplicationRuntimeBrokerWindowsProblemReportingConsentUIforadministrativeapplicationsEasyAnti-CheatBootstrapper(EOS)GameBarFullTrustCOMServerGoogleInstallerStartSearchNewnotificationTaskSwitching,
Source: explorer.exe, 00000019.00000000.2467445106.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000019.00000000.2474589836.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000019.00000000.2461563514.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000019.00000000.2461563514.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
Source: explorer.exe, 00000019.00000000.2459864512.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman$
Source: explorer.exe, 00000019.00000000.2461563514.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
Source: fast!.exeBinary or memory string: program manager
Source: explorer.exe, 00000019.00000000.2461563514.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_0092B3DE cpuid 12_2_0092B3DE
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: EnumSystemLocalesW,12_2_0093482E
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,12_2_0093A058
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetLocaleInfoW,12_2_0093A2AB
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,12_2_0093A3D4
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetLocaleInfoW,12_2_0093A4DA
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,12_2_00939C3B
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,12_2_0093A5B0
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetLocaleInfoW,12_2_00934D3B
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: EnumSystemLocalesW,12_2_00939EE7
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetLocaleInfoW,12_2_00939E40
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: EnumSystemLocalesW,12_2_00939FCD
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: EnumSystemLocalesW,12_2_00939F32
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: EnumSystemLocalesW,17_2_003E20E4
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: EnumSystemLocalesW,17_2_003E212F
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetLocaleInfoW,17_2_003DC1CF
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: EnumSystemLocalesW,17_2_003E21CA
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,17_2_003E2255
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetLocaleInfoW,17_2_003E24A8
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,17_2_003E25D1
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetLocaleInfoW,17_2_003E26D7
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,17_2_003E27AD
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetLocaleInfoEx,17_2_003C4B14
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: EnumSystemLocalesW,17_2_003DBC0C
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,17_2_003E1E38
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeQueries volume information: C:\Program Files (x86)\Fast!\ui\package.json VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeQueries volume information: C:\Program Files (x86)\Fast!\ui\images\fast.png VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeQueries volume information: C:\Users\user\AppData\Local\FAST!\User Data\Crashpad\reports\acf37841-a79a-4c19-8564-e4639ee527a9.dmp VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeQueries volume information: C:\Users\user\AppData\Local\FAST!\User Data\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeQueries volume information: C:\Program Files (x86)\Fast!\ui\js\ui.bin VolumeInformation
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_003A1610 OpenEventW,PulseEvent,CreateEventW,GetTickCount64,GetTickCount64,GetTickCount64,GetTickCount64,CreateNamedPipeW,Sleep,Sleep,ShellExecuteW,Sleep,__Mtx_unlock,__Mtx_destroy_in_situ,FreeLibrary,std::_Throw_Cpp_error,std::_Throw_Cpp_error,17_2_003A1610
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exeCode function: 10_2_0095D498 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,10_2_0095D498
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_003DCDE2 GetTimeZoneInformation,17_2_003DCDE2
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeCode function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct

Stealing of Sensitive Information

Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeFile opened: C:\Users\user\AppData\Local\FAST!\User Data\Default\History
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 241 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | 1 Replication Through Removable Media | 4 Native API | 1 Valid Accounts | 1 Valid Accounts | 2 Obfuscated Files or Information | 11 Input Capture | 11 Peripheral Device Discovery | Remote Desktop Protocol | 1 Data from Local System | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 13 Command and Scripting Interpreter | 3 Windows Service | 11 Access Token Manipulation | 1 DLL Side-Loading | Security Account Manager | 1 System Network Connections Discovery | SMB/Windows Admin Shares | 11 Input Capture | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 2 Service Execution | 1 Registry Run Keys / Startup Folder | 3 Windows Service | 12 Masquerading | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | 1 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Bootkit | 23 Process Injection | 1 Valid Accounts | LSA Secrets | 188 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Registry Run Keys / Startup Folder | 25 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Access Token Manipulation | DCSync | 471 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 23 Process Injection | Proc Filesystem | 25 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Bootkit | /etc/passwd and /etc/shadow | 3 Process Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 Application Window Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 Remote System Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
[Behavior graph omitted] Behavior Graph ID: 1403894, Sample: 9c23f857-b0b9-47d6-b664-47a..., Startdate: 06/03/2024, Architecture: WINDOWS, Score: 40

Source | Detection | Scanner | Label | Link
9c23f857-b0b9-47d6-b664-47a3132066f4.exe | 17% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Fast!\FastSRV.exe | 4% | ReversingLabs | |
C:\Program Files (x86)\Fast!\FastSRV.exe | 4% | Virustotal | | Browse
C:\Program Files (x86)\Fast!\fast!.exe | 25% | ReversingLabs | Win32.Trojan.Generic |
C:\Program Files (x86)\Fast!\fast!.exe | 29% | Virustotal | | Browse
C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\Fast!\nwjs\libEGL.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\libEGL.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\Fast!\nwjs\node.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\node.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\Fast!\nwjs\nw.dll | 3% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\nw.dll | 1% | Virustotal | | Browse
C:\Program Files (x86)\Fast!\nwjs\nw.exe | 4% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\nw.exe | 9% | Virustotal | | Browse
C:\Program Files (x86)\Fast!\nwjs\nw_elf.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\nw_elf.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\Fast!\nwjs\swiftshader\libEGL.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\swiftshader\libEGL.dll | 1% | Virustotal | | Browse
C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\Fast!\nwjs\vk_swiftshader.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\vk_swiftshader.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\Fast!\nwjs\vulkan-1.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\vulkan-1.dll | 0% | Virustotal | | Browse
No Antivirus matches
No Antivirus matches
No contacted domains info

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://veryfast.io/installing.html?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348 | false | | high |
| https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348 | false | | high |
                                                                                                          • 0%, Virustotal, Browse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://anglebug.com/8297nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • 0%, Virustotal, Browse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://anglebug.com/5901nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://veryfast.io/keys/71434D56-1548-ED3D-AEE6-C75AECD93BF0.licensenw.exe, 00000017.00000003.2660925900.0000457E00102000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://anglebug.com/3965nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://ocsp.accv.es0nw.exe, 00000017.00000003.2663490135.000001C38C642000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://anglebug.com/7161nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://anglebug.com/7369Dnw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • 0%, Virustotal, Browse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://github.com/nodejs/node/pull/32887nw.exe, 00000017.00000003.2661191712.0000457E00502000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2660658347.0000457E005C2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://anglebug.com/7162nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://github.com/nodejs/node/issues/19009nw.exe, 00000017.00000003.2523831415.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2657872461.0000457E007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000017.00000003.2523782741.0000457E00042000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://anglebug.com/5906nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://anglebug.com/2517nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://anglebug.com/4937nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://anglebug.com/7369-nw.exe, 00000012.00000003.2439038889.000001A558725000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • 0%, Virustotal, Browse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348/SetupEngine.exe, 00000007.00000002.2389120599.0000000004711000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384038878.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384927105.0000000004710000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.quovadisglobal.com/cpsnw.exe, 00000017.00000003.2663582422.000001C38C5F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://bugs.chromium.org/p/v8/issues/detail?id=10201nw.exe, 00000017.00000003.2657578769.0000457E00042000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svgexplorer.exe, 00000019.00000000.2467845224.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348CSetupEngine.exe, 00000007.00000003.2359278283.0000000004701000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348ESetupEngine.exe, 00000007.00000003.2359278283.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000003.2384038878.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000007.00000002.2388738537.0000000004701000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).nw.exe, 00000017.00000003.2660925900.0000457E00102000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              high
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1403894
Start date and time: 2024-03-06 10:49:56 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 55s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 30
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe
renamed because original name is a hash value
Original Sample Name: 9c23f857-b0b9-47d6-b664-47a3132066f4
Detection: MAL
Classification: mal40.spyw.evad.winEXE@54/364@0/23
EGA Information:
• Successful, ratio: 87.5%
HCA Information:
• Successful, ratio: 77%
• Number of executed functions: 133
• Number of non-executed functions: 273
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
10:52:33 | API Interceptor | 1746464x Sleep call for process: fast!.exe modified
No context
                                                                                                                                                                                              No context
Match: C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll
Associated Sample Name / URL, Detection, Threat Name:
• https://download1.rstudio.org/electron/windows/RStudio-2023.12.1-402.exe, malicious, Unknown
• webex.exe, malicious, Unknown
• webex.exe, malicious, Unknown
• Launcher.exe, malicious, Unknown
• boost.exe, malicious, Unknown
• Cunola.exe, malicious, Unknown
• Setup (1).exe, malicious, Unknown
• webex.exe, malicious, Unknown
• webex.exe, malicious, Unknown
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\fast!.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):25600000
                                                                                                                                                                                                                Entropy (8bit):2.1356396463632663
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:UBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBh:
                                                                                                                                                                                                                MD5:1492FBBA6D20809E4D0858576691329A
                                                                                                                                                                                                                SHA1:9D8819E052EA4A84A728D7E4BB13CF4B47858D71
                                                                                                                                                                                                                SHA-256:78AF5CA00A02EFE680D394FFF6596444A126ACD94276671747D24D29771EC6A2
                                                                                                                                                                                                                SHA-512:2B3C6DD8820B470AB744BC4DBBF41861F8E91305DCC936E2950C0EF80335B8A5C0F34BDE3B8BE5174ADC77ACF743B9910E9E651C6977DB83D88D4E38B310F848
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):187728
                                                                                                                                                                                                                Entropy (8bit):6.546631521874263
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:yVK4L7fx9tWG76M2CDuLMzV4VV3qRb7mJZJemG15j6f2Krpj60:/yfxak6mD5VO3qce6xpj60
                                                                                                                                                                                                                MD5:99A0AFAF20877C3807D5EF292FACDDC7
                                                                                                                                                                                                                SHA1:3D5676CF1CFA6908C1FBC8E8DF4AA69E44CD8444
                                                                                                                                                                                                                SHA-256:04ADC16448C10636AF97137AFBCF32807EF0A599919EC871820BB279FA3BCDD2
                                                                                                                                                                                                                SHA-512:6C0F23433D356707C410C8569B3B8D083CBC2D22DBA7EB538E47EFF53BB90D814F71E0138DDD7798A43291B9BC6A317CFED284E9C52F1E7C56D2C53B77413A34
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 4%
• Antivirus: Virustotal, Detection: 4%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):769872
                                                                                                                                                                                                                Entropy (8bit):6.578253054311399
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:EUqEHeHb6dFSKYLlPyDfQhtxnco+GGUsROl2zv6j9KSWhvrxq5RFjLRaslbkh:EUbWlPyD5o+G1sFv6j9KSavI5RBRn1kh
                                                                                                                                                                                                                MD5:A2EF6C8CCFBEEE722F02C9744272449A
                                                                                                                                                                                                                SHA1:9B60C5D3890A8E44C16D3CA7446876E91C4223E0
                                                                                                                                                                                                                SHA-256:45F4752B7D517A3FF4D00C5E8ED2D475F6E5809B70DCA55EA12A489544FD9E84
                                                                                                                                                                                                                SHA-512:3803F2741A30D69500F3CD0E66A5F99B79394BA20F5DBBB948295E597E49CF05D337D1DE3B97BC0D0C7BEB18D0725B260C0F7C9C04524FD94B340BDC01DFE934
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 25%
• Antivirus: Virustotal, Detection: 29%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):9285528
                                                                                                                                                                                                                Entropy (8bit):4.830539768724432
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:mDWFy1PJPMPJTV/ti5DSP12dvbV2W20v6vqKesb+uUPJNPJ6PJiPJzPJdWfsvDAT:mDWFQhCr/tipQcdp2z6IDesaDqG1lva
                                                                                                                                                                                                                MD5:C2F7BC99A1BBDAEEDC88DD2F1678C1D8
                                                                                                                                                                                                                SHA1:560222008DBB6C51DBA7E5F8284ECEBCDF8692BE
                                                                                                                                                                                                                SHA-256:DE1CE7A596D3C09D91F8F0F21CA835E25F981D0799C8B12CB470CE3AF1DCE65B
                                                                                                                                                                                                                SHA-512:A2808A0A6F4415E70C4F2F628B4E8B97D4461E03453A9C772E7B8B4F889DF8660768B3D71DBD1B26E6D41D11C2C6FB0A0E1A2F9E549012BD2942D7B22893BFAD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview: Generated by licenses.py; do not edit. --><!doctype html>..<html>..<head>..<meta charset="utf-8">..<meta name="viewport" content="width=device-width">..<meta name="color-scheme" content="light dark">..<title>Credits</title>..<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">..<link rel="stylesheet" href="chrome://credits/credits.css">..</head>..<body>..<span class="page-title">Credits</span>..<a id="print-link" href="#" hidden>Print</a>..<div class="open-sourced">.. Chromium software is made available as source code.. <a href="https://source.chromium.org/chromium">here</a>...</div>....<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->..<div class="product">..<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>..<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>..<input type="checkbox" hidden id="0">..<label class="show" for="0"
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4916712
                                                                                                                                                                                                                Entropy (8bit):6.398049523846958
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                                                                                                                                                                MD5:2191E768CC2E19009DAD20DC999135A3
                                                                                                                                                                                                                SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                                                                                                                                                                SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                                                                                                                                                                SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: , Detection: malicious
• Filename: webex.exe, Detection: malicious
• Filename: webex.exe, Detection: malicious
• Filename: Launcher.exe, Detection: malicious
• Filename: boost.exe, Detection: malicious
• Filename: Cunola.exe, Detection: malicious
• Filename: Setup (1).exe, Detection: malicious
• Filename: webex.exe, Detection: malicious
• Filename: webex.exe, Detection: malicious
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2046976
                                                                                                                                                                                                                Entropy (8bit):6.649283135735361
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:AWAYwK157qsw8g5DitUKT6mPgPswvD9Q++AViqp6JoIpBHHM9wkk:3Ay15Wiuitp6mPs9T+AVizJochHMM
                                                                                                                                                                                                                MD5:05A1F9113FEEB06EBDB0AF5C94C37879
                                                                                                                                                                                                                SHA1:0647A8FF8852F9735BF3F3B2009FD46FB235F5AE
                                                                                                                                                                                                                SHA-256:A49240F9B626D8EF02713EFC9624408F1FA0399775B68FB3F2EF1DB69FB8AB78
                                                                                                                                                                                                                SHA-512:B9F6A319378345720F55A1620114312558BE2DA0F53C008F0BF984CFDC094EB810470A31248852DF0B0AB07CCE7CE083EFAE1BCD5E015DBC4248DF86137B3B2B
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...P0Wd.........." .........@...............................................00...........`A........................................`.......v...(...../.0........}............/..2......8.......................(... ...8...............`............................text...}........................... ..`.rdata...1.......2..................@..@.data........P..."...*..............@....pdata...}.......~...L..............@..@.00cfg..0....`/.....................@..@.gxfg....,...p/.....................@..@.retplne....../..........................tls........../.....................@....voltbl.8...../........................._RDATA......../.....................@..@.rsrc...0...../.....................@..@.reloc...2..../..4..................@..B........................................................................................................................................
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10717392
                                                                                                                                                                                                                Entropy (8bit):6.282534560973548
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:196608:hpgPBhORiuQwCliXUxbblHa93Whli6Z86WOH:n8wkDliXUxbblHa93Whli6Z8I
                                                                                                                                                                                                                MD5:E0F1AD85C0933ECCE2E003A2C59AE726
                                                                                                                                                                                                                SHA1:A8539FC5A233558EDFA264A34F7AF6187C3F0D4F
                                                                                                                                                                                                                SHA-256:F5170AA2B388D23BEBF98784DD488A9BCB741470384A6A9A8D7A2638D768DEFB
                                                                                                                                                                                                                SHA-512:714ED5AE44DFA4812081B8DE42401197C235A4FA05206597F4C7B4170DD37E8360CC75D176399B735C9AEC200F5B7D5C81C07B9AB58CBCA8DC08861C6814FB28
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html ......E.......E.......E..P/...E.../...E..P7...E...7...E...h...F...h.. F..Pi..0F......DF.....WF.....jF..P...}F.......F..`....F.......F.. ....F.......F..0....F.......G......G......(G.....;G..@...NG......aG.....tG.......G.......G..@....G.......G.......G.......G..P....G.......H.......H..P...2H......EH..`...UH......hH......yH..P....H.......H.......H..`....H.......H.......H..P....I.......I......-I..@...=I......PI......aI..@...uI.......I...0...I.. 1...I..p1...I...e...I...e...I...i...I..`i...J...i..)J...K..BJ..p...^J..."'.uJ..P.'..J....'..J...5'..J..06'..J...>'..J..P?'..K...D'..K...F'.0K...H'.IK...V'.hK....(..K....(..K..P.)..K....)..K..pW*..K..P.*..L...*+.?L..p.+.bL....+..L...U,..L....,..L....,..L....,..L..@.,..M....,.-M..P.-.IM.. e-.`M...e-.~M...R/..M.../..M..0.0..M..@.0..M..P.0..M....0..N....0.!N...,0.9N...,0.NN..0-0.fN...-0.vN...Y0..N...Z0..N..
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):455168
                                                                                                                                                                                                                Entropy (8bit):6.325643014425336
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:vE4vggB77XnAFJOiVghQNu0Q/2fNClzCdrJEQa+1:c4ogxnAFJOkghQNrClGrJED
                                                                                                                                                                                                                MD5:FAA27BF7062F3D7514386A5FA4ACB81E
                                                                                                                                                                                                                SHA1:6CE3A638D81B1FC824B2D21C4725B08C72428E73
                                                                                                                                                                                                                SHA-256:1388FB48FA0FB258BB1AAA5597AA2B867144DCEB099DAB3B43101787BB483C2F
                                                                                                                                                                                                                SHA-512:804B7A9A6E0EC4F927CF4AE891F1B78742C5E4E0F463B286AD22C0C37FD7D980CD7EDA3D159A657E5BFCA9344074399560AEC87D7CD580BD29CE864D0DDEE38C
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...P0Wd.........." .........".......7....................................................`A........................................`...h.......(.......x.......TB..............4.......8...................p...(....%..8............... ............................text..."........................... ..`.rdata...|.......~..................@..@.data....O...`... ...H..............@....pdata..TB.......D...h..............@..@.00cfg..0...........................@..@.gxfg...`%.......&..................@..@.retplne.....@...........................tls....!....P......................@....voltbl.8....`.........................._RDATA.......p......................@..@malloc_h0........................... ..`.rsrc...x...........................@..@.reloc..4...........................@..B................................................................................................
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6875136
                                                                                                                                                                                                                Entropy (8bit):6.458952708031866
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:49152:FfoLgaKqO6rk/8KR41Xft+AlHH4Jv3l+7gFOsTvZTGT4ltgh/sKDEtVFFTK2/get:6BXFTlnKkuQ4WAiwwHurw3XF
                                                                                                                                                                                                                MD5:B8F6D5DA6F220F8D39D2C0413BF50C7B
                                                                                                                                                                                                                SHA1:18ED7A44DDAB24E81B78142B3B676C8E02F33055
                                                                                                                                                                                                                SHA-256:51E4108E0C3607BB52DD64F3109559A40DCEDFC8BDE4BAFF84EA5F214E97856A
                                                                                                                                                                                                                SHA-512:9459088B776D32101734FF46D49604E12976B18BED832005873AEC360AEF2A9B03F27B79114EED769D32733B48617480D4F289A8EB73657BCF752755CD0FBE33
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...P0Wd.........." ......L...........I.......................................j...........`A........................................}._.....+.`.d.....i.......e...............i.<...tr_.8...................Hq_.(...@t^.8...........H.`......._.@....................text.....L.......L................. ..`.rdata.......L.......L.............@..@.data.........a......ra.............@....pdata........e.......e.............@..@.00cfg..0....ph.......g.............@..@.gxfg....,....h.......g.............@..@.retplne......h.......g..................tls....Q.....h.......g.............@....voltbl.D.....h.......g................._RDATA........h.......g.............@..@malloc_h0.....h.......g............. ..`.rsrc.........i.......g.............@..@.reloc..<.....i.......g.............@..B................................................................................................
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):478847
                                                                                                                                                                                                                Entropy (8bit):5.411085530754943
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:jMe7qtho+VTrASMKVkP+S2Z12JynubrmIZ+8FQgB2CSI2Ts37UzO25g/tz6XiDiN:D7qthoMTcSMaO+S2Z12JynubrmIZ+8Fs
                                                                                                                                                                                                                MD5:FFB5C6F2DD2A21D555DC6E9F57CE8A62
                                                                                                                                                                                                                SHA1:D2D7EA11DD49B6E0210FB96509852431D4056624
                                                                                                                                                                                                                SHA-256:1FC2D1624F4ABF0379E1825B47A3F1B901FDF2FC95485E74581C75A65F2AD3D5
                                                                                                                                                                                                                SHA-512:D74FC561B4221D0CA168463C955865ED004A5763E355D44E800854DB4845850C607E0E1020D6E215D349E18A1B56A3C2B53538DC86CC54D67DE10F47959E2A6A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):776023
                                                                                                                                                                                                                Entropy (8bit):4.912989601907357
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:ij72EQ/cuFzYzxpTEzH3dj262NzTh5j96gVr5OxPF3x30jH8+F:AhQ/fYzxezHNj262NzTh5j96gVr5OxPM
                                                                                                                                                                                                                MD5:ECEB40BA11424F46F2A80DEC00750820
                                                                                                                                                                                                                SHA1:053992E95D2AC8304513252A3DA369925CAF95E5
                                                                                                                                                                                                                SHA-256:8C6606B346A44EF8AD24602B8086831E0DDED9D16B51B3FC72837A98648150E6
                                                                                                                                                                                                                SHA-512:3B720AD44BC040F35D1EAF98751C23EB18D3326B051A95836B6556B8E2BDD3F99D40FB3B21DD8655F2B238511A33C5E83A57EFD2039CFFFCFA6B2CCD6369ADFD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):782112
                                                                                                                                                                                                                Entropy (8bit):4.928681356185768
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:JMkZzLmzDtdSSuMQUyniepgRwgPc51CyHjT5fuf7b6bR:JUbDpm5fua
                                                                                                                                                                                                                MD5:4B92310FD43DFB026D329D2C2A5748B6
                                                                                                                                                                                                                SHA1:58C462A55B1087DECB23D3ACD63664D6CDC968EF
                                                                                                                                                                                                                SHA-256:6727C5946AFF5220BC341D105A3BCCDE4EAA8DADB9DED3AE38578AD5B7C1B9D1
                                                                                                                                                                                                                SHA-512:6FB9A7BAA5BC26704A4BDDB5E4AE3FFC5F019F9DFD2064AEC0F68E1DAB3B57187E5A94F9111C09FC5CD382A2A894C5004634500A407F27BC96D1D3925B00BABB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):854092
                                                                                                                                                                                                                Entropy (8bit):4.92310545483486
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:FG31wB1tu/N/RL8u4NOIv2U3NwFkNN5xNNx+jGqhXpY:wFQyYt5r+W
                                                                                                                                                                                                                MD5:D09D02925D1A68D8AA2A8930CD0D3739
                                                                                                                                                                                                                SHA1:4A72D8A7CB99F2590F450CA1EC872AA829F7D9BF
                                                                                                                                                                                                                SHA-256:57DE76102D4BEA2EDC2042BD4C6E57EC9CD71C1A138D5547030B805A78BA2CB3
                                                                                                                                                                                                                SHA-512:6F9AF788E5230BBBD8616C6CC90AB7799BE4C1E649477E81250ABCEECF0EF77B22488A433A27F69EF6753BA162948890D0705834A4AC3ACD689F37797754D1C4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):883810
                                                                                                                                                                                                                Entropy (8bit):4.685141869398855
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:8rlCVOq0aAlYMdAs1axUlVbf/1A373ZB93aAK5kVDMb/Rumped2il5vJOueRJ3Qd:8rlCVOq0aAlYtUlVbf/1A373ZT3a1kVP
                                                                                                                                                                                                                MD5:7EF3FCC095170AD95BC91B99FF64E003
                                                                                                                                                                                                                SHA1:CD059C9CE38DE90855242BC0C0060CC96BBE7FB2
                                                                                                                                                                                                                SHA-256:E6D5A9607BD4E9F906B1A81FDD940AF69AF33B1F5402A277660473092950709E
                                                                                                                                                                                                                SHA-512:05320A66AB533626C108EAAC57FD43192DC99809040EE4808528CCEF3DC1803D6FACCE765E7787A5C02B18454D3348BCE0120C53BD56E2DFF9FCB2C6CE5B4A3C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1137123
                                                                                                                                                                                                                Entropy (8bit):4.299580400060432
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:vsgx+0TQQGyqtHFtIdK009fQ0/QB/LCLTSukkRBb6BiDSk51hwDlWA:UgU0TLALM/LYTSunBbl5ylp
                                                                                                                                                                                                                MD5:C7D249577D0BC3BBF809D9A564CEF77C
                                                                                                                                                                                                                SHA1:1B234DEB6712DCAA796F796533FB01D5A097555C
                                                                                                                                                                                                                SHA-256:8638CE39FD97E8ADAF332FFC49E4A0DE9CBEF4D4BC22B18F332799CD408E3C19
                                                                                                                                                                                                                SHA-512:9CB6511A3F6FADB5ECF6303F3704707B076AC30AFDE4906BA934958516DCC47EE2A0189801EAC5432B22F789CEFE65F032AC455E783AB1A5071405F54315CE11
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):546766
                                                                                                                                                                                                                Entropy (8bit):5.396073089699102
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:4NlMvG4Tp7dcEpy/m3O5PAF4N3Mw2juwHzejm0t3lvq8E98URaIs3cmlLEYjCJk6:tVYDQ/ROb9ZMN7MZlg5P1XqM
                                                                                                                                                                                                                MD5:C422744DE25D9CE25623EAC83A9FBA46
                                                                                                                                                                                                                SHA1:6C58BA81E244D6C30A3D1AC86300F84DF11B548C
                                                                                                                                                                                                                SHA-256:2EA46B2A2245FBAAEA60309401F8E6BE455B58AABC90CFE99C24B519914F0E36
                                                                                                                                                                                                                SHA-512:997FF1DC5E30C86AAB94A1AE006435CD39877D7B5903FFF2D4C36E2DB5383A76158BBF0EB32B80ABD2FA40EC121A11B43D305B5F249799E77ADFE54504F40D7D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):555080
                                                                                                                                                                                                                Entropy (8bit):5.842295811527368
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:Jv0Zr1PzZEPnpreL0vGJA+AsQ0K5B+8VKfNO4w3SBkmPyh8Qms9:h0ZRmNK0vG6L0K5B+8VKfNO93S6mPW
                                                                                                                                                                                                                MD5:120845B1CB9B9D8235CDA4BBFB05FC69
                                                                                                                                                                                                                SHA1:4D30CFFE8C52F3C287062CA1031F4C070C255840
                                                                                                                                                                                                                SHA-256:80DCCCD03056F4D658DEE40C90D0D7AC46B08C6516C0187261E62BC623D8EA40
                                                                                                                                                                                                                SHA-512:0B69DE112419777059597A5346DB101F234B89004ECE1A4313B50309A6542FFA337527355E97EF81644E5D24B7AA6818EFDC17235CB1FCB939987300C339A6DD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):505239
                                                                                                                                                                                                                Entropy (8bit):5.448226222916994
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:in4xaYaQzVWZqo5cU+8+4kijSwlTwpJwawobR09vcuL5kPrTEr/d4JTGqVwXzZhJ:i4xaY9r8PjbQ45ErBTpY
                                                                                                                                                                                                                MD5:9BF8555DCC94477ED9FBDD10C62CDA28
                                                                                                                                                                                                                SHA1:9E67FD5CA48A1CFC3CC516811EF0DA008C84B273
                                                                                                                                                                                                                SHA-256:5EDC021B352EBE4EB7AA81B9486E58946CDD0F91B686A08A0DE038DECD5AFF9B
                                                                                                                                                                                                                SHA-512:BE08559FEAF96275B870E086A6AB8EE8C644D65C67F290099D05558E025FB33FAE4CAB68A5EB803BDE032CA09D2E2BAF71F72177B3A53BF518C685826E3F1F23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):544541
                                                                                                                                                                                                                Entropy (8bit):5.4912987683783125
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:RAuRc5wJanQ13K7UpHad3gXiasnyX4VyuX3FwN1a265Jl5vRPNKzMgQIDCbL:RnBj13K7UpEgSamyHjw5CDvDCbL
                                                                                                                                                                                                                MD5:1BCD5AF995CC8061CA89637EF72CC1DB
                                                                                                                                                                                                                SHA1:3CEA0D8F5A8D7D0FB16BEB89365D4EA77AA9DC28
                                                                                                                                                                                                                SHA-256:EE1317B4F3A3C8C4CCCA9DFD49479AFF6A22893260A1AD38C1666CDE3DB228ED
                                                                                                                                                                                                                SHA-512:4370CCD37DFFCAA1A84CE7587D04488E034D86A17BC2C390667C1C73DF3A93E00C51E7F1E813FB83AFE1BDBC94B5BEB0DF3D9314752D172D6F7809C5561C85B6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):967007
                                                                                                                                                                                                                Entropy (8bit):4.76798089170347
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:NYc6PdGgx11hxFFc9N6JXDsSYSmqHMuD2fp3Lljr9AVH8+VdQ5tNDQo3FYtf2Uto:NYc6PdGgx11hxFFc9N6JXDsSYSmqHNDu
                                                                                                                                                                                                                MD5:92B4DB2E2A6334F9E8E4C3AD0478733B
                                                                                                                                                                                                                SHA1:BB51F1A509C3F6D5D69B0FD5BDD87632C6354ED6
                                                                                                                                                                                                                SHA-256:FE7B716FD80F8327DB8EE17FB0B2669EBE1EF18D196CB5141BE9210FEC9A0682
                                                                                                                                                                                                                SHA-512:7517FAD4EA889E97C840F2D32F6563C7597CA9FEA19FC7D7D83FF4D4AB47F00985EB49BD1676AF803CBFBA9E9C18771A2869416FB70A3C147F0571F39CAD04F4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):438233
                                                                                                                                                                                                                Entropy (8bit):5.518587154498282
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:vZI0SrL4yfYyzcMP9ehT/IfaYjYU8z5MKS8BE0RJEl:vZKwG4MOT/oo5bSVl
                                                                                                                                                                                                                MD5:53FB83F1300373ECD284455187B515D2
                                                                                                                                                                                                                SHA1:6081C8849D28FE9AF94C98B3B266F5A8A2F638E5
                                                                                                                                                                                                                SHA-256:9DC4D36ADD6D35462856BCD9F809E2FF54A4E290CBF35B55E01608AD2D923C4C
                                                                                                                                                                                                                SHA-512:F031B27103B879FF641EDF280B94BCF64584459E05C3C6B3E836597628626716ADBE263C8CFA7B3145BE453F0B9CDD14A667FB3BB5F8459039977FA4E26E84C1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):442167
                                                                                                                                                                                                                Entropy (8bit):5.509356040959441
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:tsKm5Yuuvn6MVB5TMP9eVX9vfaYIyz45cBSMn0F/B0fwH:ODhadlMmX9KX5QSsfwH
                                                                                                                                                                                                                MD5:06B76AB948526CE0875CD280F5559BE4
                                                                                                                                                                                                                SHA1:D0CB125B7ECD5E1A9DB001C611C21B2F26A46B1C
                                                                                                                                                                                                                SHA-256:49BEFD911A3E1456131FBCF4FCA1C0ACC0A7B711787486253BC7D5E6B38E1C3E
                                                                                                                                                                                                                SHA-512:2BD643032BA787BDFE67AD98DD01BE8B56D38D87A70CFB55E1858B56118C585BC1A6EBA6EA1BD4FBF214E45AD389D98F1058F38BA42E442C5C3DEDC049A4611F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):980342
                                                                                                                                                                                                                Entropy (8bit):5.216674843653677
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:JMpkqpOYzJWp1MoEY3RykXwYMCSXpOPBpPx3ASomwGiWAtyVS1UtuYtP0DvC5z9f:TBt5z9f
                                                                                                                                                                                                                MD5:6CE103C1633F4DF47E246CA9E98F35E6
                                                                                                                                                                                                                SHA1:86F97D6DFE7CE7DCF95EBEF5ABF669F7F8CB01A5
                                                                                                                                                                                                                SHA-256:A71EAE327B57CBB04148D906144583824EEED9DC2CDD150F5B1D19B61685107E
                                                                                                                                                                                                                SHA-512:5A2E530E6245B2D525F5CF3C08DBB901632175A21D927A58AB4974BDA48E59B9531C09938B938A4F1F6D66244DFF3E81E5176DD69445CFD007BFF34CD9D44DFC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):533930
                                                                                                                                                                                                                Entropy (8bit):5.3788313673683525
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:6IH8fG6z4/5iQ8X5p3YRRr5XLFYFIFUm+L:B8+6Z9pmr5bFbgL
                                                                                                                                                                                                                MD5:1B537CA4D3C9A1772F465BAE676BB1F6
                                                                                                                                                                                                                SHA1:E534EB772FDF11086F4637143789E730A4E05575
                                                                                                                                                                                                                SHA-256:A4F80D52562840FBB6C919F2B0E56AC85847463CA0BD90D93C44A4EB03D914A8
                                                                                                                                                                                                                SHA-512:8B305C7DFCADB99A8EB7BA22A5CE429B055741292B02D5D6DF9FE591B6ADFD08C25C401C771F3C7B0900BEB4F9D30E55E58F9DC2F74C21E0365740608B7A9FC2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):532503
                                                                                                                                                                                                                Entropy (8bit):5.357881561820044
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:6IB3CiKdyOR5u12clg135gObkpO+EdQ1m+dj75aIrJQh6S6PZ6k8jb:6IBPKRbq+1RopkQ1muj75Xrmhbb
                                                                                                                                                                                                                MD5:4F20600D22FBCFAA0415F214F1858B62
                                                                                                                                                                                                                SHA1:41145AE5255CB4CE20EB7EE57D503D4DE59941C7
                                                                                                                                                                                                                SHA-256:A09CB85E8844301A22500DEB47A8FE42E3943B183CC29CF2D4BAF6EA427FCB30
                                                                                                                                                                                                                SHA-512:288FD234D0563B32E13C2FD67DC59F1FE49B915A7531F72B28A1B09D40454AF7285EE749FD328708E6DEF9F513A85EC7806DEE7E4AB2BC1C6275CC21A71D4969
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):484524
                                                                                                                                                                                                                Entropy (8bit):5.458569780933525
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:y0PQVDMd4S45K9vMNczUupn1J1ONRS+T7+F4mT7FN0gmFohW4xS/Y03pi802p5ay:yEN4Y9/Xpi/TOpbmFohozp5aj0x
                                                                                                                                                                                                                MD5:E0EE91083792BA6B9200106DAEC4F5A7
                                                                                                                                                                                                                SHA1:14BADA6580DDCCFF3C4CCC3DBC3568E5FCED1097
                                                                                                                                                                                                                SHA-256:770DC93416BDA6716E4D596E80638FBDAEA70F0EF9076A0D174D58C9467C61C2
                                                                                                                                                                                                                SHA-512:D4D733E2DD0EE3DF772D896CCDC1B09940EDF9A42F1A5B378CB1060ED3500E74CF69C79DC092D01BE8409AA9B01CF9685D3365F85EE3367A559371A6229E4020
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):787089
                                                                                                                                                                                                                Entropy (8bit):5.051202428896656
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:i3x8u313uyqoe+s4q7CRmXzoT4WmdAQifaQ2XxFHGk62Bh96MX9OCRdpxHsAQi6A:i+v5ec
                                                                                                                                                                                                                MD5:68AD7F55117CCEC25D6B244662AD5018
                                                                                                                                                                                                                SHA1:FA1CCD5797A0218B632801B2A0F54929C0ECA622
                                                                                                                                                                                                                SHA-256:42E9643F8DE704B53F074F53FA7DACF5F6C6F6642C6CE0CD98294A91BAC26B80
                                                                                                                                                                                                                SHA-512:A6926C9BCCFB62B0506E7A45ED56D4FC4A0EDF983EBBF3134C4AB6C2FF1C2AF66BA82E7891B6F1530B927F72FEA43AB0A82DE9D70746DCD67F31A1B5CBF64FEE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):492464
                                                                                                                                                                                                                Entropy (8bit):5.425658384076431
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:ilaR0mV19j/WJ8eG6KZ8VreKRJTsbTIOEiTak9LQ53YW2HrEaWacvr3OW3MWO4Ap:ilch19qJaQetax53YtHrEaWa2YuYn
                                                                                                                                                                                                                MD5:A7A39FB45BF28A1704F1088784ED9B21
                                                                                                                                                                                                                SHA1:8F6021070CFC88BDFCA8E628BFD8DCE4D5234912
                                                                                                                                                                                                                SHA-256:6625723666A0433A29F9943E8B3DDEBDF676F38ECD4EECA1EFBC1FAB7E19CE8D
                                                                                                                                                                                                                SHA-512:3E3C20BB58C701E72CAF59E78F23FC2A2A9F742986C7655760BFAD7CE775D423B72C8127964A97CD6DFC3082B2DC46F20F129FECBA8C4A5BD7EE2E9B85D623FD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):556786
                                                                                                                                                                                                                Entropy (8bit):5.192882907827124
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:6fvFTGCvtu/Zy3DQBIBg0/S2FCvenG2Z3LRmI5Fwm0InAREt8:Y9j1aslUI5amG
                                                                                                                                                                                                                MD5:5A029FBC334FB96F05BA7CB40CBF77FA
                                                                                                                                                                                                                SHA1:993AD2E2C05C5B6374DA6547FE9F966F8FA33FF0
                                                                                                                                                                                                                SHA-256:02174D6A13714498334FCDCFB6F78007756D65FFD69F2984C4E010D293A0A264
                                                                                                                                                                                                                SHA-512:D10309197A9AE36A250944C0BA36DA184FFDCF2DD21874E1EAF3C1075057600219EA6B986F31B9CA727349E07262159B9AB8D7069946B1B532819202BCD3BE0D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):578290
                                                                                                                                                                                                                Entropy (8bit):5.380153051203165
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:jmDHjPf6ZLiXrmDDq6QuaMV5uKzxOt11Z8MYnYJYQgIRyz+X5Dx0JSWdv40wCU7p:kv6VNe5Mw
                                                                                                                                                                                                                MD5:DAF38B05615CF2B32110153A87F00A49
                                                                                                                                                                                                                SHA1:5BA7AE47BCF97F25CA4AE39F2719CD167525B7A6
                                                                                                                                                                                                                SHA-256:F27B84A739C6F37556506BD6B6681FA347B91D8852BFAAFB8C2388240D61B4E3
                                                                                                                                                                                                                SHA-512:24F7F127200BEED942F55D6A5C8A8EC0F395BDDE5005E181578C4F82774145C87FF7DF31AE3ED5E395BD6B4415B34F7DDD404FD916953D3DBCA6A2AC541D7DB5
                                                                                                                                                                                                                Malicious:false
Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
File Type:data
Category:dropped
Size (bytes):1122667
Entropy (8bit):4.3400459610777204
Encrypted:false
SSDEEP:3072:mgmU7sGiPkPYBxz9AcSIMKHIwjAwREJKVMjNiT7llj63rhJWlPvKMi5eQWiYJsWR:mg0cPKz9lSXRjMkaL258Gh1dRu
MD5:114BE9E725B3E34F26798EEE03AEB7A3
SHA1:AE2B4E62888F8B03FB8D896AEAB6C3EB8D11793B
SHA-256:F95506C669D3994DE484E61529E1EF56DF8F7B88E28A9DDD9F9B3A2FCA958FC0
SHA-512:4EAFDC76D4B06EBB0D1405F3D68CE518BE925C4444234B5ACADE27CB07F29A2E11DE6093389A89A468D87A55638DC38970EDDC4355D52D0FB45F3C8CE8251D05
Malicious:false
Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
File Type:data
Category:dropped
Size (bytes):693623
Entropy (8bit):4.662873246769769
Encrypted:false
SSDEEP:12288:nBISxF6XshWxF28kO0hC6r6TkvWqo/5HEajACEXbheQCapGr5hA3o9dBj5HlmmEq:nm++1L5oo1
MD5:6C6DBBF3DADE579939E27728DF66EA2C
SHA1:68BC11E532FEE1AAD3668F510CD276229B3EC7F0
SHA-256:08A95A59D8AD6FD28D52723F5EF5E0796265B2518DA44236CB4E5FC0B90FD6BD
SHA-512:594C2C897D612AF6CA8AC25FEE2960EBFCB6DD90CBBCC0324245714137EBF77369879D0E28243A370AB429ABD27768BAB860162383E31B8BB1A10667FF129466
Malicious:false
Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
File Type:data
Category:dropped
Size (bytes):1188400
Entropy (8bit):4.311084623750104
Encrypted:false
SSDEEP:3072:awUn/nDN4+YNa2yG8cmV/BB0ZV1d1OuOXRLXW3Jpj0TByntDPtDlEpgs4u/8Wiwz:awKUp8gS55k5RhgN
MD5:A4F071EA16CEBD5EE301DACBC617B9C3
SHA1:CF46E5E856FAC54382B04DAA7FCFC325A72DAB12
SHA-256:942AE41EEBD2839A2C00E2B4C9FA53DAF3730CF97AD68FA3132A42AF03D8B2A8
SHA-512:A2E8AC957BBF847C33347660B06D2F12758A882E12A8CFA460FC1729FC0FDF240A381EF277DF79ECFF1FE95C7C56E2ED1B71B31AD455565EB89580B00FC0F620
Malicious:false
Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
File Type:data
Category:dropped
Size (bytes):536228
Entropy (8bit):5.515391862763459
Encrypted:false
SSDEEP:3072:2I0Cw2NeNyfAXqYPTXeXC/i0qraKbuc6baBV08L8buo+wKxr05Yp/ADtOSAqb+HS:/Jw2Myo5uSK6VyOcwav+3mJ5UN72RwGc
MD5:886D145D04CB1AA7CF6CAD7462412B39
SHA1:754B7A17BD17CCC182623B7CEA7680B0D4191BD3
SHA-256:F0F4AD264CC98AD734FB9CF61301E39EF76445F937FE222165E6722E366D3831
SHA-512:F38F145D4F7C7735AB0FC6539F2D18AE12AE59E92513FD83403020FAA74DF6BAAFE86E503B5ED39249C2B537F6B9AF0B1E3E735E764EB3BDE38CB109365140FC
Malicious:false
Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
File Type:CSV text
Category:dropped
Size (bytes):1002118
Entropy (8bit):5.421493602926462
Encrypted:false
SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):577216
                                                                                                                                                                                                                Entropy (8bit):5.643930100645207
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:Ftqi2u7XLYTtOLFIHPs6TBAr7katVIB5HwzFZfpOHYGhQU+zGXevAu5ARDCetGzH:FtD7DLGiIACB5HwzIdLIAu5tg2
                                                                                                                                                                                                                MD5:78730A55F4734A3FD79DB335B2F92773
                                                                                                                                                                                                                SHA1:297069635184682E55D1A9A1B81CF197E0E22427
                                                                                                                                                                                                                SHA-256:39D86CD35876AE9DE3A5A85B81C1171E2011AD64AEE7F4BB6954B49C91C25AE1
                                                                                                                                                                                                                SHA-512:0325C92776C99C0CC8FB1A28DF3EE69C2414D3A1074918F969691D26F8BB89C4F5694A590F93D5ED82EB06A2B1A3F3E410722FBA2496FB41E842B0B397C06BCE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):476028
                                                                                                                                                                                                                Entropy (8bit):5.379776378917239
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:uYpLKyTWkaF7DsFPgvf+cVnjHFl6mik4c158ghSwkK5NcSz97IEji4QH/:JKDlDig5VnjHF4m34C58ghm/
                                                                                                                                                                                                                MD5:FC1B7DE05FB68AF250C9C5970FDAA3A6
                                                                                                                                                                                                                SHA1:40110A5FC5042D8CE4A9B97410B8F73039697419
                                                                                                                                                                                                                SHA-256:4085C8CC4DCEC822A496CD330AD974322C9EDF83C5B752596960DA1FBA809704
                                                                                                                                                                                                                SHA-512:F15703EB35D007578BF9DAF0E0D52F0F8DAB72CF5E013EE9A648CB8B5F054DAFB1CD2543F220D63BDD8594BFA552446BD0C854BFB7AC300F40CC27248677336F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):532202
                                                                                                                                                                                                                Entropy (8bit):5.283769478628022
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:OauoBrrffQgCI1xO2+NjXeNDYISIqRRRsO1StbdRT9TjexvqiBELqbPpzHi9fLwx:OLoBnffQgsRAPZqV8bmEKUwA5m4oD
                                                                                                                                                                                                                MD5:19925C7650E0D4A1109C29B7F7081712
                                                                                                                                                                                                                SHA1:98D6BFADF1D3987C048A691D6E3B92B4C6795677
                                                                                                                                                                                                                SHA-256:3509A16F733840F0C7DD20BB9D181473322EB7C806218552C125800812C4F329
                                                                                                                                                                                                                SHA-512:8096FFB842466640234F4385A26387C6636626E179D807B629870356E7AD858BF2D9D9F463B6E13126B34EB41363F31E32F2DB4D292C0FCB96974D631172B84D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):645756
                                                                                                                                                                                                                Entropy (8bit):5.721459654042235
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:dbWYR6j5cC6JtnRRI6ZyQ2IrWb45h8dxVd:df2cT346ZyQ2Ir/5h8/
                                                                                                                                                                                                                MD5:2359AB9C67CC599B81D414F475D3AF4A
                                                                                                                                                                                                                SHA1:318C6CF3711B28A97732F334DF5679500C1A92CA
                                                                                                                                                                                                                SHA-256:69BBAE5376A179B7CF38E513F497A3E953BBB3B50A90FFBC7F174DDF6BF36538
                                                                                                                                                                                                                SHA-512:04B742830B383198A69B5008A8603003DC88EDE7FA49A3BE9F35BB5C6459DE1EFA2E6CA8D7F162B97E35619E051F1F07D4AFEB45DAE2251D8732D6F5B44E5C32
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1277291
                                                                                                                                                                                                                Entropy (8bit):4.250575799494213
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:OJEPCpA6GYIQJzMUk3Q7X5DiUgcyE+hTKYB:Oon85OUK
                                                                                                                                                                                                                MD5:44E9E82743A4CBFBB4C0B435FEB6A311
                                                                                                                                                                                                                SHA1:6E0961D9A362F1AA4A1CEA067CE33CF6236BDDCF
                                                                                                                                                                                                                SHA-256:FC48834CC2D91E3E3C4BA03427D2F7017B8A1047BCD02F54F00162FCC1B8E892
                                                                                                                                                                                                                SHA-512:D2A8BAD4CC541B1DFD692AF0B26C3E4AF67D63B996339A3E76CFFBBCBAAED13E4DFFC0A94C0566C590033F1838F02CE7A92C392402C71978B4873F5F574AF5D4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):542325
                                                                                                                                                                                                                Entropy (8bit):6.086545361822224
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:AbzQTckyVzNRrPyOjXMq5t8OQ4EVhGm6eCqV5b7fuhs8Ptdq7hUomrOe07F:2zQTccwc5F8qb7F
                                                                                                                                                                                                                MD5:356B9A6391D89B870C09DD5EB00DE331
                                                                                                                                                                                                                SHA1:0E2D88BE86C0B66F3C1BD9FCA7AB7A47E38B5EB9
                                                                                                                                                                                                                SHA-256:F87B6BD2FA24DC68B7AD565EE50028867A5C39AE6EB96006848C737F3C69EB64
                                                                                                                                                                                                                SHA-512:5CCFD7E0AC6D1F0D917F48D8429C32E8029DAAA68E2000A4291540DB51D5613FAD3200AE9DDB8FDBF86BA470A7056594977735AFA99EC2FA1857505B196B609C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):582911
                                                                                                                                                                                                                Entropy (8bit):5.634943315491091
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:B+YBAZAMAAxqNmZ9ffdV575zk1rWCo6S6U:BDzMAsXV5m16Co
                                                                                                                                                                                                                MD5:1A2B3A04973DADE71E963BF4460967BF
                                                                                                                                                                                                                SHA1:7F24D5C7FE8EA8533432DD9801B50173658ED496
                                                                                                                                                                                                                SHA-256:9378B20C9413D9B2A870F146F7A151576670DFD61498A71943AF3AB4A99DA44C
                                                                                                                                                                                                                SHA-512:D42E051D2D19264ED961747283595518E3F21346362FCFED9A5D37683FDDDBF043D10B3710AB80FE41011FC0F59AA9A9F38F95B46D67DEF2194F842EE9726FBD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):581278
                                                                                                                                                                                                                Entropy (8bit):5.629069008321948
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:IWud1ph8fFsuRQ28cq39V3yNDtVF6w+HT7c49bkSZub3v5OycNpEX95gosryEAYm:qJFnF7HTw4Okmv5UEN5KyUZhm
                                                                                                                                                                                                                MD5:40066BB6E0592D9892B5C3B09EF19934
                                                                                                                                                                                                                SHA1:2DAAA058A3DF0CE9C480E241EE6D535CCE801B39
                                                                                                                                                                                                                SHA-256:0D2AB7309266FD3C16C3CFC80AF4EF6D1D5FA6F3B9B9DF11A7FF7B9C683F04F8
                                                                                                                                                                                                                SHA-512:83B950285CD13779272FE7BB77F1A299AD872B9569C06A91423F782F3A45AC07965CF5BF32FC503B8E393D4FB73674F359A0462C1315F39F905415DBE4B32875
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1328122
                                                                                                                                                                                                                Entropy (8bit):4.28570037951358
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:VAZnI3A2cMmsbbAxeIAxbFDqxn9mMD1UM6DdP6h+4rWZ3elhV5047dCBs/fa3jWp:WI3z5fkUZ3eB5047gs/C3E
                                                                                                                                                                                                                MD5:6D9AED906CDB7F873A68D6CBEE8E9B8C
                                                                                                                                                                                                                SHA1:6B823616FF775214B39947C10EC24F57A7C80265
                                                                                                                                                                                                                SHA-256:EB3B3898B2774ACDD4701E8F689A6F1F0037FF8E00443990992E1F23B3342831
                                                                                                                                                                                                                SHA-512:B2ADCCD595F9AEF333BA6BEFCCCBB401371659FDED1443E9ADA3A19477686E995FD7A06A670747D0522FA031449106C1C8AC1FF5A158E11B44A27DD86006F89B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1093518
                                                                                                                                                                                                                Entropy (8bit):4.316650086169052
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:X7N3wwLpfU4zI/OhM0faJqGHi/ZN8853pj6PF:rpMNB0faJqUihNR53pj6PF
                                                                                                                                                                                                                MD5:B05DA3E44EC560BBCB731CC7FDCDFF1A
                                                                                                                                                                                                                SHA1:B99910347E6512E4E3ED2134FF673ECE441F38C2
                                                                                                                                                                                                                SHA-256:AB8BDA8C04759A737797978EF1AC7D070116E340BDEA977A62C10176453B8B57
                                                                                                                                                                                                                SHA-512:EF7CE42A913D5F57D059CEB9170767CB650BBE176906204D8C8002268210AA09FA008C9186EFD48A2320094972BE286DCFE70271236D1B9D71FF2BDF41F37FFC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):498590
                                                                                                                                                                                                                Entropy (8bit):5.2545072995804
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:jB+BJOsHx/eSTsewuZnhasxijClMlU0WsUcSc5oo/LOM6QlE0T:V+BV/JfnRxiPlUxg5bKMT
                                                                                                                                                                                                                MD5:2CB91327F761143E84A1B5B5D3065E96
                                                                                                                                                                                                                SHA1:AB43F2FC30C27D968A48A0422EEA56BFA7B77623
                                                                                                                                                                                                                SHA-256:241F8F0FCD42B5A0081A95564541311D6BDBECB1639671181C151DD34DAB055B
                                                                                                                                                                                                                SHA-512:3EEAE835F4E9F51D5D0475CC7E0027E9504A7ED2A65C2B0D452771FDF87EF1861C706194F3D44C7966FAC3A875B12F1534E66AB2471D70EC95277EC5356DF9BC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):485305
                                                                                                                                                                                                                Entropy (8bit):5.427430274456003
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:Y2OH60YwXEAS3e5hzahx3zwOp7fjB9ghm4C9/e8G5yV4VVzhhdCrQjWj:LOgkVch1zwOp7fjBcqW8G5yV4V9OQjWj
                                                                                                                                                                                                                MD5:6902EE821D9669DCD5A4217B3EB2257E
                                                                                                                                                                                                                SHA1:97A9EF051A83A56F3DE3A01503E6F4C06702E5C1
                                                                                                                                                                                                                SHA-256:B88FAA8B9A24EFEFA383AA8F75330C279FCEDD5766B05E5B4FD0ABFA6C9D9623
                                                                                                                                                                                                                SHA-512:1AEDB4AA16C616DE8CA132424D3ADC3308AB01C9DABBA950072B51746CB2F820BB1804979397D4ECEE8B6B6ED60F3058FC516CDCB590CA7DA1EB130DF68B382A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):499939
                                                                                                                                                                                                                Entropy (8bit):5.367097595300497
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:3cwm9ullbWusag/P5q9C5stoxFGp3wRQOTn:1m9ullbWust5q9C5sqxFGp3wRzD
                                                                                                                                                                                                                MD5:0E4DEB9E17F3D9FEA1FD8FB706E96989
                                                                                                                                                                                                                SHA1:31B5BED538C5B8C93E9D1FCDB6CE1EFF1280682C
                                                                                                                                                                                                                SHA-256:BFB94507F74535CFCDF7FFC6F9F2988553EB0D1C7FD9B82C6C4EEE03AC1A9C89
                                                                                                                                                                                                                SHA-512:C29EE57EC12201D01CE8D47ADFAED10A83E4B69B77726AE071A675F6972DD1F843B1BDE29A504B5968C97EBEFBC60AF2ACAA0BE93D971BB7F9840C65E9142B54
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):560590
                                                                                                                                                                                                                Entropy (8bit):5.754015492472574
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:E1CokumWoOB/V4U/FmfQfXU6HAEb9EP3CUd1e3m0UQEmw1Qhisf5eKt4HtzJ:E1CG4+H01Qhd5ud
                                                                                                                                                                                                                MD5:75560AD7D60EA2B46A3023817B290E71
                                                                                                                                                                                                                SHA1:9E58502C56284BF4EF2CB533283C4F22E1670C47
                                                                                                                                                                                                                SHA-256:E88363E98339C09F933A0D73BB9FDE15039E2DC5C47FDECA80CC9E1FF81DA7A8
                                                                                                                                                                                                                SHA-512:1EB1BB35B5AF35C9943D1C41EC4A8057AD96B83F7C260AA0A1533EA63DF58D50DFF3C5E3C1FE970CF74785D60AF50EF628E540954D5A736B6E06DF63AC8FA033
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):525928
                                                                                                                                                                                                                Entropy (8bit):5.4293810403420535
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:1k+umr1MJbNBXBLEsf7gyq/55KJuS00sRhkFYK:du5K5sJfsRKFR
                                                                                                                                                                                                                MD5:491724E51087BA846E4A944CCA0814B5
                                                                                                                                                                                                                SHA1:9CF9C58C6BA95DC88AF32B68D23511CC9286B190
                                                                                                                                                                                                                SHA-256:9B249F2F8FB63E45F7BC6BBA802D2D852BB2F3EB43F83994E79B26D90F667881
                                                                                                                                                                                                                SHA-512:49F18BF9EF75BAA4CB01A56C2820ABC909E9B9C213EC1BA4BFDD1337AD9515F0CEAB8E31C89E3749634F841545CE1E7E5BDB854F5273E7A2BAC8ED9147C2A4F0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):528471
                                                                                                                                                                                                                Entropy (8bit):5.404523022029093
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:bbsPm2EkN8QlFYF8fieJVJJxham4kR5fVCO5aKEHSRPF:bbx21slO5aKUSRd
                                                                                                                                                                                                                MD5:EBE41C9A475C65AA4DA33EB423CBFE79
                                                                                                                                                                                                                SHA1:78D07B2E5617DB8D9FFAA03A95138662FAFBC493
                                                                                                                                                                                                                SHA-256:284E2E6B7FD6A247F1DDD2860BCF2FB4F4C6ECF34ED68D8F7A8C2049AB61E2CC
                                                                                                                                                                                                                SHA-512:3B09F4F54B25AA2209AC8DEBD4D642201AB198956502DF39AD4F39EBF3A0520E5B8874E74EDAC98B41E328FF4875F7EC4039D2B4EABBBAFCF548715CCE4B96B7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):546764
                                                                                                                                                                                                                Entropy (8bit):5.454463666754963
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:vKKk0VgRYLfXSAfTCeVootxZIXPK8XGp5ajoUs2f/fO53:v7kAfXSAm4oojZEi8U5koU/Y3
                                                                                                                                                                                                                MD5:28F53F79B903484B19E9058A0185EF62
                                                                                                                                                                                                                SHA1:BD557C05F6B3EA55BC346704414872980198BC9D
                                                                                                                                                                                                                SHA-256:CD38E5A8A4C3FEDCFCD1DE513BCA330E42BB1F765ED8520F14A9D0CEE05C5014
                                                                                                                                                                                                                SHA-512:A0D0EBA1778BE43E5D7DCC469C0C11FFFFB944CDFB13B39E907DBA15A153C8840D499BDDA4706B60FE369036A7AAD77307759F46DAF7D7FA6EC30175026A6A7C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):894248
                                                                                                                                                                                                                Entropy (8bit):4.853777212022142
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:fT6txnsfQjRo4Y+7VMh/K69zJ9fx+aAmamqSGsN0zqcnYH8eXN2hPO3j/7rbzvM5:f0eno596E3
                                                                                                                                                                                                                MD5:EC048E111E16BB45E5DFAA79E2988B61
                                                                                                                                                                                                                SHA1:F3DDD9903C10C8A9813B8E43898CC746C343DD1B
                                                                                                                                                                                                                SHA-256:F9DB82DF1F589383B7C69AE86855657D2C129E45D28D88D5EB9C231C7673FD19
                                                                                                                                                                                                                SHA-512:775CC311258370519A8F037E55AFDA3F9B2DFEEFC5DC2F5CEE277C114CABB07284080C9686C5B6FB4BFA4BA0D1B381068E81233AB1D376550399AF4E0D62C803
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):563868
                                                                                                                                                                                                                Entropy (8bit):5.811666883187016
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:4pbEf/qsokgDV+yHih+BD5yTlcLzTlXLPxt9+:+Ef/qsy+yND5fL9ltU
                                                                                                                                                                                                                MD5:66268D564F98800BA9089E18FB6FADAB
                                                                                                                                                                                                                SHA1:9EC5E96E9387EEA89FF80CF9830941AC5FA39B5D
                                                                                                                                                                                                                SHA-256:5608658D3C119F72B3FF286E5242958ACA3B52A49B3A11E1E8E0814A80A816C3
                                                                                                                                                                                                                SHA-512:E912049C309E2A50D4FECEFC84D8C7A3C8FF16D1783AE50FDF4A21DF77BEE78287FE46D41D915AA79330252B1453FF73B32E21FAFAD4BBE4A002A647BACC73D1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):541701
                                                                                                                                                                                                                Entropy (8bit):5.482723097852039
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:9b6vo8B2XKjcELn5C+cyJHjgMi/fzXlqc:9+voROLn5C+c4i/fzX7
                                                                                                                                                                                                                MD5:1DA905D46439A65753AAAC5E0B24CA3D
                                                                                                                                                                                                                SHA1:89D9B714965B5E0275E9FED8AA1191B6E598F7A3
                                                                                                                                                                                                                SHA-256:9EA136F6A894EB265D82BE30636989977311440B9B88281502BE78B3F853433A
                                                                                                                                                                                                                SHA-512:FD5D59FA0975A565083183625D496AD3D4E82361CFFA9A63DD92FC3213A49FE44FAEF778C88643F8DCFDEE900893EF739DF94C378232ADB18E4F68538E6F8036
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):831714
                                                                                                                                                                                                                Entropy (8bit):4.786121688044425
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:EW7T2A7Ey2LYheWId1OShdEudPNRaIA1ID5f01KxVxz8/8W37ZjejM/k/u:EWHDS8mD5lxLS
                                                                                                                                                                                                                MD5:049129712BD8F949525470590E78FD55
                                                                                                                                                                                                                SHA1:E4E8CEE1D2B3907BE2F87982D5746748E7631B6D
                                                                                                                                                                                                                SHA-256:9E5FE2354ED58CDBC1EC6251FEED967643B6E251CD05B83EA05C87A958A29937
                                                                                                                                                                                                                SHA-512:11F3C9CBB29CF798D570A2546133A7888277A2B9D6DAADF2225CCFF0681F2976A2A7E334AE52246DBFB48D1EEBB4CA9312B45965269C022D854C145C2241D4B7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):488477
                                                                                                                                                                                                                Entropy (8bit):5.539514294311883
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:gyxFxoU7x5t18Owzfn/lAFKxwucsX9n4RFcnqS83G6iMZSOwDE/xWcqVJ5iJu5Cp:gyxrgxzCFfI5j5Cxv
                                                                                                                                                                                                                MD5:CA76995C98ABCF4B3CCB278E17BE90B4
                                                                                                                                                                                                                SHA1:33B67943BB2FCA6179C25188A9AC65C77A0BF405
                                                                                                                                                                                                                SHA-256:84CD72BEA2768AE658E8CB625EC042CECC221E2B4CB028B44979B5E4F603C88D
                                                                                                                                                                                                                SHA-512:4104625E8ED872FA900ACD5DCE242AD368116A7B663451DA7586CE7C172652F37AA3A4D1EBB08460998795215539CE19FACD3C21169585E3B72AB60725D4B5F5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):513900
                                                                                                                                                                                                                Entropy (8bit):5.344746054879102
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:cpIXyATLXIuOcoW5ruCERdSUrbQBDFY6DDJ8cZgL6529b9uyO6IKPe/Br2tfj:ccyZo5S3
                                                                                                                                                                                                                MD5:556EB2D19EF88DEAB234ACC582CD59D8
                                                                                                                                                                                                                SHA1:21E5866D6DEC80D7A7299D7D79A14C5EA0C099E4
                                                                                                                                                                                                                SHA-256:F37FB8280F36C1188EB52B20E87321FC90ADF667EAEECBA99D7987836DE26892
                                                                                                                                                                                                                SHA-512:4C5BA5F782DBE58649FBC12E23997F2F6C2BAE702A429214597CC063918926322945C7194758AF3A88C50D2CB9A2C8CCD323355040A77B2B538CA5AA0312402F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1320500
                                                                                                                                                                                                                Entropy (8bit):4.062774531809682
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:BTvvMOEEaXdfBdmXzhqK5xzotR1cA25tm1vYpiMyk:xMb1BOsK5xzccA25tm1vYpiMyk
                                                                                                                                                                                                                MD5:2183EF7EB74F136CD972AEED9FB378CB
                                                                                                                                                                                                                SHA1:B63653C504420EF6FEF72C5D5D6E91D9AF9F4D3E
                                                                                                                                                                                                                SHA-256:B8C4187C5A096FC5F52E39CEA6561E280387EDFB8C3AF31A8880AE4D282FAC6F
                                                                                                                                                                                                                SHA-512:1A1958694555836535CCC1C57F8A0A766A361DEA730FE2713ECF20B0090E74D4E3DAA8456E39ED17E75E939025298BAD422377A5FE2B1A4836AF196F8533A1FC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1219707
                                                                                                                                                                                                                Entropy (8bit):4.317060924736985
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:UNne1V7McKNpCrWtFwd49+6gb0tQWp5Bi3p1FwPOiTlC2pCgmNFqPZrO0oXAogQN:UNnsM1o5fMB6
                                                                                                                                                                                                                MD5:ADBA9A9C6507AB74F757B72892EE33B7
                                                                                                                                                                                                                SHA1:AB9E424C2300A4E81DDB041F2FA1B14F3855E157
                                                                                                                                                                                                                SHA-256:B1DB19096C91EC4B496BBA41115C0B98DAA64EA0EB2834DDA3ADAC66F3AB8C29
                                                                                                                                                                                                                SHA-512:85A273758EDED695004DDB7926CC0A1AE9604A51EAD202152F2C3DABC96A2FDB780C458BC4AF244BBCC792877901716573262879B2E8A524A015B00A17BA2AAB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1025905
                                                                                                                                                                                                                Entropy (8bit):4.362277360600447
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:SrS1N9LyZYACTBz1L/LLXPX9s0nIJZgv1V5UBu7L3fBj8BlzEdq3Ro9AGdI9uLAJ:+ou5555
                                                                                                                                                                                                                MD5:E7A2587CD69D383FA3AB0B5A99AE5287
                                                                                                                                                                                                                SHA1:994FBBDA5410D55458F01EE5C6007C8BFB755BBA
                                                                                                                                                                                                                SHA-256:73096FA2EB7575FE9702228BA87090872CFE7E8C89CDFD823294ED03DB5EDEF9
                                                                                                                                                                                                                SHA-512:698E97F34CCCD6743086A27FF13043B72912804A16364F0EDB5DEFB06151AD179ABA344884A10965A418858BE3A2E7747ECB6ED80476F882A7D3E962FF56869B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):524677
                                                                                                                                                                                                                Entropy (8bit):5.617230451618925
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:yoQUxBiHzpR9GcvONqVRgrWBguZSz+iCqQJoCN+HG4ngeJ5wB/R+bi1SGedTAM3Z:UUxBQ1zBEq0yG50qHGA5wB/c
                                                                                                                                                                                                                MD5:B00E05AE3EBAA5A315872F24BE2DDB6F
                                                                                                                                                                                                                SHA1:141160CD3B6A4CEDC2685F347A42FB89ADDE031A
                                                                                                                                                                                                                SHA-256:5AD03FAD2C79731396385A5C3EABFA991BB257886935EE015307931C3C58DFF5
                                                                                                                                                                                                                SHA-512:A6B6546B14EFE3759CE0A38329F3B5FBE13A73D73E3FD681A9281C0C505B579FA07CFAB5C50E4AE6076257F82F67ACC54CB0B9816ABAA890CA7B3F994E8436C2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):891860
                                                                                                                                                                                                                Entropy (8bit):4.887779263943541
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:xGft5on20SlRfnqz/T0hNai4IEE52B3IjQAMXES/OuOLNiXEqqbLIyz+4uL2uoU:xG15onQSs5YEG
                                                                                                                                                                                                                MD5:06133217E0FC480E2F43F74AA132EDD7
                                                                                                                                                                                                                SHA1:EB422C32A18A8770CDD4D019B85046A315A6C8CD
                                                                                                                                                                                                                SHA-256:2BB2C2E67CE4F62435FCBB4B3D96253AD5F6065BBD4729CFD44E226B965A7984
                                                                                                                                                                                                                SHA-512:5311CE90877EEB64F05BA039839424B676F67280783A66CC041E388CFC81371B8D779C11CF9901A6B92678C64A3D71945BA4CCD29599E164E4AC1896EE132C97
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):778961
                                                                                                                                                                                                                Entropy (8bit):5.172607429771382
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:JaRqEcN0s8PGmuDltyfHeMK5AQDPEFfWaKxNQYriwadcJKwUUuvco/9NjjFpv0h:Iiwk5qWj
                                                                                                                                                                                                                MD5:99169B41D0BD7F9AC47C88F99E33D521
                                                                                                                                                                                                                SHA1:FD8AAEF710593F22E969EFB3FF25556F1BCD3E5E
                                                                                                                                                                                                                SHA-256:95325A5FC4D46B5BB197751BDEAA600A1A64B55DB798016A853250D9256301B7
                                                                                                                                                                                                                SHA-512:41EFF393E31EBE62B23F18184D19FFE9C79A71C29EFF84CDC289293F529C10D016C19CD948ED39E9336A9CA0E0C2A72FF986D29D1A1969DDF5D98888B3669F81
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):620353
                                                                                                                                                                                                                Entropy (8bit):5.7924630369242625
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:Ac+gw3uUg+cnwJTroEw/aB1INgsHkL0eetDfL9v2J5WZ8h67InkiNwziMHQQwti4:Ac+gd+cnwJTiaQNgsHg0e4E5u8o7xiN3
                                                                                                                                                                                                                MD5:9626571ADD089F7010CFFF6B8C893EB5
                                                                                                                                                                                                                SHA1:1A933789FDE207BFF34CE255E7E7212F8FDF273B
                                                                                                                                                                                                                SHA-256:D351B4DAF943CE616D66F43A36FDFB390CBF19DF7E729B9D499AF3B16D34C170
                                                                                                                                                                                                                SHA-512:C64A41FC359C3CB4D14C14E274FD7FD4B92BE6A7656374B136EB52C7238334F1CAD4F3363A84A9169A84F71A7E4AABF8B1A25D216D5B1D351FF79C4A8FEC7192
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):449776
                                                                                                                                                                                                                Entropy (8bit):6.685457449005063
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:P1sG8CyOdnkDKzAIa0g7H56+LxCkGDo58WhNyht8g7Lcln:PCGRyOdk2zVad56+LxWo5DhNyht8gM
                                                                                                                                                                                                                MD5:968FC657ACB577D184EA0A716AE5B19F
                                                                                                                                                                                                                SHA1:ED37D428610D950A5897D9B282A75FD537F178CA
                                                                                                                                                                                                                SHA-256:3F774B33B01F86493E7EF1EDEFABC7CF49B58981358438979F32106557C849A6
                                                                                                                                                                                                                SHA-512:859083FDF742AC3B3666AA667F4DA228999C988A2AFF23C158735345996C98CA302F0FBFD1190109D9969F45DA150C79240ED93A8ABB926946B899633BF07383
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):447533
                                                                                                                                                                                                                Entropy (8bit):6.693705796563921
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:dQezZRtkOt3+JmCEW2RuWgehW25LYIz17fxAy0j7zylk6T7:FzZ8OtAEgehW25LYIzVXm7sv
                                                                                                                                                                                                                MD5:756E8E06E626755BBE8E555816729F82
                                                                                                                                                                                                                SHA1:74553DFBE30832B1522E7C7FB0ADCA9E2713D710
                                                                                                                                                                                                                SHA-256:F397B495DB8F47789774FEB5B8A2FE9970DE2E9F22D280FA508D8602FD1DD4DA
                                                                                                                                                                                                                SHA-512:543F9B6C646D6E10A9AAF22CDAEEF2555182481E6A2E292B66DD5FB9F13AAFD67B4FAA2A70DEA1717936482F43FCACEDF1096E0EF6FDA8240A3E93F7F47B85CF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1002118
                                                                                                                                                                                                                Entropy (8bit):5.421493602926462
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                                                MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                                                SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                                                SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                                                SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):218275
                                                                                                                                                                                                                Entropy (8bit):5.34737925007636
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:uUKt1rxNpyXcsR/H/UxRjh7uHRcdA4SSSLl/sL8:uUKvrxNpyXcsRf/UxRjhwcdAuY
                                                                                                                                                                                                                MD5:100F66BE85612F7DD095E0F468497F68
                                                                                                                                                                                                                SHA1:6D0B30428726D079AF3DEB3279033C268733DC22
                                                                                                                                                                                                                SHA-256:E8472A5C9291C2B46B7BE611EC994D5E37ED9EC1B473E50DFC9A94C9A923CEC2
                                                                                                                                                                                                                SHA-512:841A90B6B54FEAF47973990882D9A274B4E9F8E850E21A2B94A41B8FFD501969C77003C19B961D180CB2A0062B7E32A5AA6514FB34ABE8F1BA818795A2B91FBD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:..mirrors....(function(a,b){."use strict";.var c=a.Array;.var d=a.isNaN;.var e=a.JSON.stringify;.var f=a.Map.prototype.entries;.var g=(new a.Map).entries().next;.var h=(new a.Set).values().next;.var i=a.Set.prototype.values;.var j={.UNDEFINED_TYPE:'undefined',.NULL_TYPE:'null',.BOOLEAN_TYPE:'boolean',.NUMBER_TYPE:'number',.STRING_TYPE:'string',.SYMBOL_TYPE:'symbol',.OBJECT_TYPE:'object',.FUNCTION_TYPE:'function',.REGEXP_TYPE:'regexp',.ERROR_TYPE:'error',.PROPERTY_TYPE:'property',.INTERNAL_PROPERTY_TYPE:'internalProperty',.FRAME_TYPE:'frame',.SCRIPT_TYPE:'script',.CONTEXT_TYPE:'context',.SCOPE_TYPE:'scope',.PROMISE_TYPE:'promise',.MAP_TYPE:'map',.SET_TYPE:'set',.ITERATOR_TYPE:'iterator',.GENERATOR_TYPE:'generator',.}.function MakeMirror(k){.var l;.if((k===(void 0))){.l=new UndefinedMirror();.}else if((k===null)){.l=new NullMirror();.}else if((typeof(k)==='boolean')){.l=new BooleanMirror(k);.}else if((typeof(k)==='number')){.l=new NumberMirror(k);.}else if((typeof(k)==='string')){.l=new
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):18201088
                                                                                                                                                                                                                Entropy (8bit):6.4932256115450375
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:196608:OClFgvw8eWv14jYkndNx/YDB3vOz0hGxxC:OogvwjWN4LdNWDpvOz0EfC
                                                                                                                                                                                                                MD5:D75452669E917D4EB4701F8AAFFCC99F
                                                                                                                                                                                                                SHA1:2FC81479CA44F3D28B58E231C3798E06AA06AF23
                                                                                                                                                                                                                SHA-256:B77F8A9FFCB43FF98A7E8F44ADCB80D20D074FE2552F6DF753EDD711698B21F9
                                                                                                                                                                                                                SHA-512:4C3737F697DA8A0D80255AF1A515F2E5FA6BE27643FA7B24A51577F3D42CD9B636527B69E2C1947C0DC6D62504B6EC38BE0DF5AD1048584BB628E66443C4209F
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....Be.........." .........................................................?...........`.........................................x....#......,.....>......P8.Tn............>..t..|...........................(.......8...........@................................text.............................. ..`.rdata.............................@..@.data...p<*.........................@....pdata..Tn...P8..p..................@..@.00cfg..0.....<......D..............@..@.gxfg.........<......F..............@..@.retplne......=......6...................tls....a.....=......8..............@....voltbl.......=......:.................._RDATA........=......<..............@..@.rsrc.........>......>..............@..@.reloc...t....>..v...D..............@..B........................................................................................................................................
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):208823296
                                                                                                                                                                                                                Entropy (8bit):6.697368222848026
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1572864:UtAt+kI758sDa3FD2Ps+hvUzVxi2c0ewtV4DZEFJpHNZZu4XgAijI2Mf3vW4Rl:ArS5VeZwMlw3zl
                                                                                                                                                                                                                MD5:E364CDA0087825F70EF0332E2BE65379
                                                                                                                                                                                                                SHA1:BA9FC41CDDCCB576F022D34C003E86736EF5BF62
                                                                                                                                                                                                                SHA-256:F924FEB13C23A57529054107D2412F16EDF8A31DAC7E8AA6E36EAF86C6A47A7D
                                                                                                                                                                                                                SHA-512:C471264CDCFBB0AB7BE89DA58498C2BA86184917B623C262581212654B0D6549663212A148A5A92FE1342201FD4E9B77CD0478ABE013FA817A0BDC7A9EEF4280
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 1%, Browse
                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...P0Wd.........." ......E...,.......?...................................................`A............................................C.#....|....0l.`.... ...._...........q..1.. O..8...................0H..(.....8.8...................]..`....................text.....E.......E................. ..`.rdata...a....E..b....E.............@..@.data...P. ..@......................@....pdata...._.. ...._.................@..@.00cfg..0....0k......(V.............@..@.gxfg....C...@k..D...*V.............@..@.retplne......k......nV..................rodata.......k......pV............. ..`.tls....Q.....k.......V.............@....voltbl.v.....k.......V.................CPADinfo8.....k.......V.............@...LZMADEC.......k.......V............. ..`_RDATA........l.......V.............@..@malloc_h0.... l.......V............. ..`.rsrc...`....0l.......V.............@..@.reloc...1....q.
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2337112
                                                                                                                                                                                                                Entropy (8bit):6.448273621618817
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:49152:9W3aFEhyflDCQ6n85K353JCJ9f98Tplhpgh:owrGjG8Tpmh
                                                                                                                                                                                                                MD5:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                                                SHA1:C041EFB63894032BE1B8E517B8CBB45454CCF330
                                                                                                                                                                                                                SHA-256:221027FD7E324A31614FDA2DAC69E3B9AF082895FF7C45B6C19D42AA27592DA3
                                                                                                                                                                                                                SHA-512:D689575C7F1430BF0B92AAF50A757F7C9E3DD5E8AF71DACF0911EA484DB79460369455F91B2F480B0F224FE7D0C0199AFD9DB98B65FBA3F3BC3FF430838C5C04
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 4%
• Antivirus: Virustotal, Detection: 9%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):682477
                                                                                                                                                                                                                Entropy (8bit):7.963912396307454
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:7PI3H1fJKjzgsz5B0GDJQrnKs8SNP+QSsSilRBdNz10Vc+gIXsbXoO0TehEr2:83VBK7zEEmPLSOdNz105gUyXoO0TO5
                                                                                                                                                                                                                MD5:93D58EFB8C31214A57515A2AE1D2FD30
                                                                                                                                                                                                                SHA1:64DB5C74C4FD45BF77E33425C1D1E844D245C535
                                                                                                                                                                                                                SHA-256:835E6B02123D59FC73D43F8286ED77E8B7C3963D739C45B81D3AE8E59E60BFC7
                                                                                                                                                                                                                SHA-512:435C4F5404D7EF4402E7A91ED7C8FB486C361B0BA39F09E066BEB3FFE1EE4FDFB2AB28F994494232A781F19696649646AD2A54499F8B6D10C34F823AD319CC1F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1068808
                                                                                                                                                                                                                Entropy (8bit):7.952701382598292
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:k3zBH5zLmmibkFR8+mZRUumegvQt805Uwvd6Wvpbae6edhOLoP4:k3B53mNbkFRJmHURhQC05Jvd64jrOB
                                                                                                                                                                                                                MD5:7B96F3A7FF47C8E46BA847FCAAD26D33
                                                                                                                                                                                                                SHA1:F9B5A958E29CE039F03C775B889FC974B65481E2
                                                                                                                                                                                                                SHA-256:94AFE21E06F098CA7B7C3DC432355503536973D1C377B4D202AB64BCFDE5133A
                                                                                                                                                                                                                SHA-512:FD606264D1B7786A85C901D5A7B851D74F248903B66F0384E947A82E25655D8C8FC081D12BDD6136A366DC214FB15D39A86CDBCA540427BB3C60AECE268AFE3F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1131520
                                                                                                                                                                                                                Entropy (8bit):6.536561027180539
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:KVQ+6Nq2vF73pppDh8oLG9UTlcPwaKD1CK+D3SJ3NVTRmcIMI+nk/owl+GlBfG:KVQDNqyB7zLG9qD1CrDQHNmcMzl+6l
                                                                                                                                                                                                                MD5:7509D69C2896E7B903398DA350B42C8A
                                                                                                                                                                                                                SHA1:6BB535EA3728933A6AA9162950CFC44328E4D347
                                                                                                                                                                                                                SHA-256:BBAF4E0D60D4362E23671301E9ABA75252B1059CD6E1DCF6AD0ACCEC5E115152
                                                                                                                                                                                                                SHA-512:438CEFEC05E62904A8F2F304607EA4E9AB691793F8950EA2FF12B3740B5BF172F29EC40F17921D4DA8A09590BBA01889D81DA8315EA6585076C0B758D9E6A1BE
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4775861
                                                                                                                                                                                                                Entropy (8bit):7.994874833136889
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:98304:KwNkpHyVBJvC85FhbtlvmZEroQRkx3DglVb9ftvoZEMTDEFkddpGh1f5G:y1yVvv9rBChobltvoZEMkFnhl4
                                                                                                                                                                                                                MD5:43735A475FA2486E49C34D1AD8F57DF5
                                                                                                                                                                                                                SHA1:2A987D18F63AC0E686BFBA8E992757BEB1D9F5CA
                                                                                                                                                                                                                SHA-256:4F10CA74584E91BE68D0FB50DB1F96F5D636CDE11F6770870F3C6C8D97C7D7D8
                                                                                                                                                                                                                SHA-512:60BBEB46A2AEE635B8FC676F5A17F32EC0DEFFE6362C6ED239AB5CF97CFAFBAB011BFAE37AC19C3DA0729E90CADCDDAFB8244C69176E08B83637C5350AF78D93
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1198536
                                                                                                                                                                                                                Entropy (8bit):6.0724872991141385
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:HbztrVZr3DoSHdbPOzwxxkNrBhw63E2Lf0Nyi6kJcMcOTN2I0vFi90o1:HbztX3DFA8orXF02Lf0NpJgU1mFi90o1
                                                                                                                                                                                                                MD5:1BD6EACB823E1A4C5F17516B45C85CE7
                                                                                                                                                                                                                SHA1:2693FB26D0ACEEA5001C6C8A4B5FE4B0C1735E33
                                                                                                                                                                                                                SHA-256:34F17BC88B07D6F0C205153E8C85629915EA93EBBF0F82E4C173E292BF3BDB08
                                                                                                                                                                                                                SHA-512:EC72E7E70EA361FFADE06E4324267243CC9907932A8797FCACBA1510745DA521F06365D3D6E48F8753AECAC51530F79D33EE6BADEDEDDE0980E7349E495C4348
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):107520
                                                                                                                                                                                                                Entropy (8bit):6.3572540880058
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:wB0bzVn8icEY9OkFwaMZsDV4AcVrvsoEX4vpTb/sW9cdS8h5TQ0y4oVPYT:wyt8pEiDV701vJaSKq4o1Y
                                                                                                                                                                                                                MD5:973BCAD92FB7B30AB5A7A2F35E2EEB24
                                                                                                                                                                                                                SHA1:594477D5FF4626B2CA72E485DFAF53CE8BDF497E
                                                                                                                                                                                                                SHA-256:750CBA685EE7B85E87D4843F3AD9C549CB22E6FF90247373823CDA16DB7E2141
                                                                                                                                                                                                                SHA-512:144C362423CE4D5C3F6A45FAB4E9DED409F06764E5497B5D03E67EB51C5860F38DDE631553D6EF6468C0FBDFAFA7B4B474C2AC913F57C6AEC81665BDA1375536
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 1%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2013184
                                                                                                                                                                                                                Entropy (8bit):6.726531618207793
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:49152:pIcO8JVs8rBf5ACKu43D6YMu+46+/imfywoMuF5P3Rv:pFO8JHBfIN3D6YF+ItywoZd
                                                                                                                                                                                                                MD5:1196BE50E7F9F56901865C0CFA76CA3E
                                                                                                                                                                                                                SHA1:5384443AB344DBBF558E0CFC155CBACE89121871
                                                                                                                                                                                                                SHA-256:2389E02AAB2A20D1067F4E6AC9D0E1961B99B64AA539A967842B3F60AF450365
                                                                                                                                                                                                                SHA-512:E9954D974E70F56E3FDAB4F1A3341F9A960E3D8BA4FFC26F26D1E0562F38E75FAF1627AF81E143E3DD25ABC780FFB4C37F339B6783637EA414B4AE485EB3D609
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):647441
                                                                                                                                                                                                                Entropy (8bit):5.091753770132809
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:yuJR9fWrgHbhaM1IW0mh3pXWz3WUUML5DSlGkMeiWxDhU04jh1qH:BJH3swIsdWz39Uc52lGkHiWA04jh1C
                                                                                                                                                                                                                MD5:E59FAEDF525C663FDE4C6BCD3C77920A
                                                                                                                                                                                                                SHA1:6388193081D87AE3FA2FCD546790D2D9C4C4E006
                                                                                                                                                                                                                SHA-256:83A73E2B5A458B394ABA65A3F9ABA0FC1FBD9520D07858A2C1E8AB8CCDB5C7DA
                                                                                                                                                                                                                SHA-512:F65B02E0CD828F93B76E0DD8E68CAC1563102798B1FE820D801DD67ED3E02FC2902106C9E60E0DF96E11DDB3EABD2AC30DBF5D23D8F47085A755F299FAAC69FF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4491776
                                                                                                                                                                                                                Entropy (8bit):6.299524374544543
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:49152:KU82lTQcFMkjVGWalGA0GmK3jrmz5xbQ87uhvMxqyF2k2gwUIukCN/ET8CPhmQJF:u+TJXIfw05PhLJVS0Dy
                                                                                                                                                                                                                MD5:5A3011F59AD6ACEDA78A8F42BA7CFA1E
                                                                                                                                                                                                                SHA1:CE61A5ACAAFBF7464D9A26DB762F9F661E6E9AAC
                                                                                                                                                                                                                SHA-256:39612549C82C10B8A8E8072F2FAF17354D8CCCD3EEBA1D5FDA9C50FF547FFE5D
                                                                                                                                                                                                                SHA-512:16E9CBBA44FB14E0E27FC872DE51E501DFFE79CC39B3386BCEC28F6DB874CB84606848E5C1E67322486FE29960DBD514FBF505AF8C94CCCD54126AB873A33AA7
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):106
                                                                                                                                                                                                                Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                                MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):913408
                                                                                                                                                                                                                Entropy (8bit):6.578192683971118
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:VkLGO/wBlPes+ERBTmqQRw6Z5WdDYsH26g3P0zAk7JeAy0:SLGQwBlOEDTVUw6Z5WdDYsH26g3P0zAC
                                                                                                                                                                                                                MD5:2DB0026C9329B1FAF58971CF1AC51A6C
                                                                                                                                                                                                                SHA1:E7E043AD9FEB2086B4EAD78A661C376DE596E4D3
                                                                                                                                                                                                                SHA-256:E471E4E0A5635D2E5F6E1E5778016D0E5E169BC61AA32E5D380EBCD2502FC103
                                                                                                                                                                                                                SHA-512:AD1E66450CCBF49BBAF7632BB7B9C201D2BB0E53CF2594DACFDA439545BB07AA2A085D188654E8E057D3AE0C1D682D3523942D9492D3C1F2D74BCE8BF378D7E6
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6853
                                                                                                                                                                                                                Entropy (8bit):4.906654635893315
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:FCe48Am0EzM0x8n3PwMEoSX7kb5XBm8xtn6M5Ly63zD2ii8VNJ:FU8KnIMEovbZBmgTlyalJ
                                                                                                                                                                                                                MD5:7F411D49C20EDFD7499ACE24A5997712
                                                                                                                                                                                                                SHA1:B7C99C7B37BC5C87F3B483695FEE7961D628F28E
                                                                                                                                                                                                                SHA-256:004613F14315671B3A95CF4D4051E76D351EEB6E528B83E66B92001B55878966
                                                                                                                                                                                                                SHA-512:6A5C9C07E60622ACB0D34F15C688C14D64A86F5C5E58282CA2C36092B615E7BB3C9DDFC1F511B54F7FE21F5271D0514D81EF1474D4CA1500B7A5085B609AE691
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */..../* Document.. ========================================================================== */..../**.. * 1. Correct the line height in all browsers... * 2. Prevent adjustments of font size after orientation changes in iOS... */....html {.. line-height: 1.15; /* 1 */.. -webkit-text-size-adjust: 100%; /* 2 */..}..../* Sections.. ========================================================================== */..../**.. * Remove the margin in all browsers... */....body {.. margin: 0;..}..../**.. * Render the `main` element consistently in IE... */....main {.. display: block;..}..../**.. * Correct the font size and margin on `h1` elements within `section` and.. * `article` contexts in Chrome, Firefox, and Safari... */....h1 {.. font-size: 2em;.. margin: 0.67em 0;..}..../* Grouping content.. ========================================================================== */..../**.. * 1. Add the correct box sizin
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1141
                                                                                                                                                                                                                Entropy (8bit):4.796651326134806
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:U6CbfLhXJJWg1MrPv4OvvlpHcvB20TtZjcRATa0NQURtCG+ATb1:U6CPYcMrPv4OHlZc1pa0dC4B
                                                                                                                                                                                                                MD5:3542FE11A1F6A9EB80B0B5E2FC62403F
                                                                                                                                                                                                                SHA1:992A33E44668060CDA7CDDB97E3D1CF7471DC0EC
                                                                                                                                                                                                                SHA-256:AB8A7E29866641FF26C8381EDF708018F8216BED00E5AD9D00372DFA5208A655
                                                                                                                                                                                                                SHA-512:2F9764E6A5567FD83F56F03F7DFA008849596400D025AD07FCA17EF462B6659685D7D61DC4AAC9E7452F8DC6B6F92C39E3BD6C4050078BDAD127649EFD9B841C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:body {.. -webkit-touch-callout: none;.. -webkit-user-select: none;.. -khtml-user-select: none;.. -moz-user-select: none;.. -ms-user-select: none;.. user-select: none;.. font-family: Inter;.. font-size: 14px;.. cursor: default;.. color: #b9c2ca;.. line-height: 20px;.. border-radius: 8px;.. display: none;.. position: relative;.. display: flex;.. align-items: center;.. padding: 0 20px;..}.....notification-background {.. position: absolute;.. left: 0px;.. top: 0px;.. bottom: 0px;.. right: 0px;.. background: url("../images/notification-bg.png");.. opacity: 0.8;.. z-index: 0;..}.....fast-icon {.. width: 32px;.. height: 32px;.. margin-right: 20px;.. z-index: 10;..}.....notification-message {.. z-index: 10;..}.....notification-message__title {.. color: #fff;.. font-weight: 600;.. line-height: 1.42;..}.....notification-close-icon {.. position: absolute;.. right: 8px;.. top: 8px;.. font-size: 10px;.. cursor: pointer;.. opacity: 0.6;.. transition: opacity 0
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):19383
                                                                                                                                                                                                                Entropy (8bit):5.0112385565785615
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:body {.. -webkit-touch-callout: none;.. -webkit-user-select: none;.. -khtml-user-select: none;.. -moz-user-select: none;.. -ms-user-select: none;.. user-select: none;.... color: #fff;.. font-family: Inter;.. font-size: 22px;.. cursor: default;.. background: url("../images/app-background.png");..}.....minimize-button {.. cursor: pointer;.. position: absolute;.. right: 42px;.. top: 0;.. width: 42px;.. height: 10px;.. padding: 15px;.. display: flex;.. justify-content: center;.. align-items: center;..}.....close-button {.. cursor: pointer;.. position: absolute;.. right: 0;.. top: 0;.. width: 42px;.. height: 10px;.. padding: 15px;.. display: flex;.. justify-content: center;.. align-items: center;..}.....payment-modal {.. position: fixed;.. z-index: 99;.. top: 32px;.. width: 776px;.. left: 184px;.. transition: opacity 0.3s ease-in-out;.. height: calc(100% - 32px);.. overflow: auto;..}.....payment-modal__frame {.. display: block;.. position: absolute;.
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):230
                                                                                                                                                                                                                Entropy (8bit):5.02646206733417
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<svg width="15" height="12" viewBox="0 0 15 12" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M2.5 6H13.5M6 1.5L1.5 6L6 10.5" stroke="white" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>..</svg>..
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):613
                                                                                                                                                                                                                Entropy (8bit):4.689989765201426
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">..<path fill-rule="evenodd" clip-rule="evenodd" d="M4 0C1.79086 0 0 1.79086 0 4V20C0 22.2091 1.79086 24 4 24H20C22.2091 24 24 22.2091 24 20V4C24 1.79086 22.2091 0 20 0H4ZM17.5496 9.01034C17.8314 8.70681 17.8139 8.23226 17.5103 7.95041C17.2068 7.66855 16.7323 7.68613 16.4504 7.98966L10.4341 14.4688L7.98014 12.4238C7.66193 12.1587 7.18901 12.2017 6.92383 12.5199C6.65866 12.8381 6.70165 13.311 7.01986 13.5762L10.0199 16.0762C10.3261 16.3313 10.7784 16.3024 11.0496 16.0103L17.5496 9.01034Z" fill="#1BEAB7"/>..</svg>..
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):205
                                                                                                                                                                                                                Entropy (8bit):4.913102574106915
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect x="0.75" y="0.75" width="22.5" height="22.5" rx="3.25" stroke="#1BEAB7" stroke-width="1.5"/>..</svg>..
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):203
                                                                                                                                                                                                                Entropy (8bit):4.80726810597501
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect x="0.75" y="0.75" width="22.5" height="22.5" rx="3.25" stroke="white" stroke-width="1.5"/>..</svg>..
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):37918
                                                                                                                                                                                                                Entropy (8bit):6.013092765511404
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                Malicious:false
Preview:<svg width="55" height="55" viewBox="0 0 55 55" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><mask id="a" style="mask-type:alpha" maskUnits="userSpaceOnUse" x="0" y="0" width="55" height="55"><path fill="#D9D9D9" d="M0 0h55v55H0z"/></mask><g mask="url(#a)"><path fill="url(#pattern0)" d="M0 0h171v55H0z"/></g><defs><pattern id="pattern0" patternContentUnits="objectBoundingBox" width="1" height="1"><use xlink:href="#image0_729_108" transform="matrix(.00092 0 0 .00287 -.004 0)"/></pattern><image id="image0_729_108" width="1090" height="348" xlink:href="data:image/png;base64,
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):212
                                                                                                                                                                                                                Entropy (8bit):5.000455669184287
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M3.5 3.5L12.5 12.5M12.5 3.5L3.5 12.5" stroke="white" stroke-width="1.5" stroke-linecap="round"/>..</svg>..
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):187
                                                                                                                                                                                                                Entropy (8bit):5.002130422255309
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M3.5 8H12.5" stroke="white" stroke-width="1.5" stroke-linecap="round"/>..</svg>..
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):9537
                                                                                                                                                                                                                Entropy (8bit):4.043358010957342
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):9531
                                                                                                                                                                                                                Entropy (8bit):4.041601214334172
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:4HRt6z3J2o1hBvvSuTX18yA0w1emBawW7UcjNOl3:OREz3J2IvSuTX1tA0QaZQyNOp
                                                                                                                                                                                                                MD5:49C358496D8D932144A666B0D37C0876
                                                                                                                                                                                                                SHA1:0A07E1621556858CC07B01A044D0DB77BEE74BFD
                                                                                                                                                                                                                SHA-256:35FAA3B970B08A0D06186CFDCDEE84A6B53B45F2B838101DCBC8F4DD4F959053
                                                                                                                                                                                                                SHA-512:C54FBD36D1CA3D1BE99967968A328030028742E6E68EEF6459AEF248B9E8A436C3A5AD94B24F0ABB3371F66EAF75A0C3254AE7565A15AB1400D842ACD1F60D28
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 752 x 234, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):124639
                                                                                                                                                                                                                Entropy (8bit):7.993546703761157
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:3072:YJRNqHmDSDJmO/+PDRZX6oZflaJLhzk69IM9ZLEIAS:YmRJmw+P1XB4JdVfZ5AS
                                                                                                                                                                                                                MD5:A1C5834B41BBDFDF959DF270B33D8FFD
                                                                                                                                                                                                                SHA1:5906AE25339C0EC35264105660B47E87B83F7E32
                                                                                                                                                                                                                SHA-256:541A681493FF21E1A7A5304F35B6D70066E61C8DAF4CDDF6593CAA1C7CB314A8
                                                                                                                                                                                                                SHA-512:C875675CAAF2C670435743914FF0A2FC63B40DF8DC528B5406756DF3965FF08FC955D7372B58ECF5284B0A56129BA78A7B9712D7035D13A52DB33C8DAE636575
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 752 x 234, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):120361
                                                                                                                                                                                                                Entropy (8bit):7.995404470094665
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:3072:jT3A70ikgjMxNgnfoXtOZfXV/q3Hu95JfncXTZnOZ:P3A7/v9q3OFfnmTUZ
                                                                                                                                                                                                                MD5:C0A3BE92E716577C030C17351D61D5E0
                                                                                                                                                                                                                SHA1:E3DDC18476AF21603C4F57C68388331582110C88
                                                                                                                                                                                                                SHA-256:708EEC6AD0FCD4A29AAF0735A95C9F430799FD987233DAB57B4A977082044A50
                                                                                                                                                                                                                SHA-512:90AC70BDCFB2D001825BBB9669836BF4E20EC12F62622ED66610C1C28959AE992738C2351FC434B71AD998F3735EF3418CAD6BC97D1044AA1E318312AE4835E2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 752 x 234, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10157
                                                                                                                                                                                                                Entropy (8bit):7.8506241639495125
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:cSOFgDFFfgr+5kWeL7qx+2kQbfWpSYygjaznbnlC:bOFgDG7qnkO+p2ZzblC
                                                                                                                                                                                                                MD5:98C6AE0575B67BFD77234E6C6575A600
                                                                                                                                                                                                                SHA1:189FE975CC0FA5E86C482AC98E8C1D21EB45D4DD
                                                                                                                                                                                                                SHA-256:C6E796CDC1A3B1EF5F502B448908E4F417E1C30ACE33BAD8D3A7965FF057BA2B
                                                                                                                                                                                                                SHA-512:F49984E05B156D49BE2CC2E42401BDFD5D68D4CB087C46E3EF4FC3DFE9801CC63AB5B09C57253D071C9A718D0B02B3D2461F81CBA5FF58309D0F63591828A8EA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 960 x 460, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):137078
                                                                                                                                                                                                                Entropy (8bit):7.992746522595616
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:3072:t/QJJeh1hS0ox3Ig92kPG3p06LBBFw3qhnrgTmrIN35thVBxSV2UG:toJ9/2kPEttBF8yn0i433hVBxcxG
                                                                                                                                                                                                                MD5:766CC7738A10FD5A781B29E7F4833DFB
                                                                                                                                                                                                                SHA1:6857FE0096F0AEC0ADB9C6DC1B1E67A772D5FB56
                                                                                                                                                                                                                SHA-256:03A96804ACC65961D5971B0AB657F1C8C1C0913C98797432B8AE4B7F04D1199B
                                                                                                                                                                                                                SHA-512:ACD5C8E6E9022003749D39B5E01A6AFD517849F20C503804CD0906736F591245FDDAFA2A112D07F5F6BB5AE6609331DD9B1B1B0AD81291FD332DB025F18770B6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 752 x 72, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):38895
                                                                                                                                                                                                                Entropy (8bit):7.990964332764873
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:768:7EEV8zrd0Vxva568aPuv3YNMb1CqmN3Z47IUXLxGEtktbeXFuHOFWfX:4EV8z50VK6lPDN4fo3Z47IMxjt+mgOE
                                                                                                                                                                                                                MD5:AB76A537C3578459C3D3EC3D29282568
                                                                                                                                                                                                                SHA1:113BB81C77EE8418F7D480D5BAFC09A5BCD282C4
                                                                                                                                                                                                                SHA-256:63861B20F7E492D4AB33EB10D3E8CCC092119B40ADB42A357564376909BD9F86
                                                                                                                                                                                                                SHA-512:A81F561240D52AFF0C4C80DC93C5927FF3AE3A1D7743DD5ED2F4F58E9CF3E88B3713B24422D339D2085B3AB48C36B48CE230B708AB9E7AEB7984A2DFB3479CA4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 400 x 156, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):47284
                                                                                                                                                                                                                Entropy (8bit):7.992295195519726
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:768:KigAZH6A8l6Je8DWJw8DKdKZqs0FXYUQyJmcHTbww9xIL3SO+/Uut7bhyhCNWnKF:KHAG+e8DWJQds0ytMVTbww9yL3uUE0h0
                                                                                                                                                                                                                MD5:D4D248C630BF6A7D53263F4B36A48471
                                                                                                                                                                                                                SHA1:0B00E36DE2739223F89FF841CFC0FDE451571D0E
                                                                                                                                                                                                                SHA-256:E408DDD3F15A91230029DF9C2ED3A740665CF430409F80545F2489344CA16033
                                                                                                                                                                                                                SHA-512:F5EF3C59B1C0B19486D78E788CD13E399F027110E30F1CB1B532A852EDF9DAAEE0B2A63D74B5BF920EF8E74BB522F7E16DA05CA6CA367681B7296E64C609A2C0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):675
                                                                                                                                                                                                                Entropy (8bit):7.606800268124855
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:6v/7i6gX7dGD3+zoCQDrqUw2QUp9RKG3VvJN1xOJ24wLTYqp2agcmitQ9:78DOsCQ/PQoRB3VhN1k24wfYqp2avVa9
                                                                                                                                                                                                                MD5:8D1ED092B3BE364DC47574F1310D2C87
                                                                                                                                                                                                                SHA1:D5BBA623B5AFB4C5B6C0AD5ED04A10F1881DA595
                                                                                                                                                                                                                SHA-256:07B61E98466A1F851D5DCF555AD9B901684EE622275129B98C38DA3785506FF2
                                                                                                                                                                                                                SHA-512:70134A9B5B786473A56F11BA7098CA6AF568EEF97AA8704A9748A5EFDFC4F16CEE1F9C22CEA9F55660BE4FEB14D6C1B5B09A7C76076D4F813A58FECF27BB8828
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 140 x 140, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16079
                                                                                                                                                                                                                Entropy (8bit):7.981372985145839
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:xA+u6DdSFEXls8p/jxpiDqUpFGeuwOFoFWpFx9gcli:M6hed8pbCWUeet+oFWbHli
                                                                                                                                                                                                                MD5:7E979DD87735C3E8E6436055DF0DB11D
                                                                                                                                                                                                                SHA1:73880AA036F89B21C3635824C19B2D7D155FD152
                                                                                                                                                                                                                SHA-256:C50E6F6205E523777B9B21C18389835B80D78D476EAFA45C4583D55DA29BCBD7
                                                                                                                                                                                                                SHA-512:2D391111A7E529003C3BEC89FA432425EAB52BEACD4B118C096774CA36BB088BBA2207108BB91C667F2A71B649E47FB22B54C39B03D3125415ED18E80E089171
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 752 x 144, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):77494
                                                                                                                                                                                                                Entropy (8bit):7.989935683068594
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:5orVvtWlHsKIY3V9rQMID3fMOXEFmeZsJnkZCGgjjzkvAiuPonM2tvvPr:SrBtWlMLYl9rAfeFmRyoGgnzGAiuwnvj
                                                                                                                                                                                                                MD5:76D093B4423DEF770AC9B17FA09079B4
                                                                                                                                                                                                                SHA1:A932B9979DB7558B87BF1357163D66C67D3715B1
                                                                                                                                                                                                                SHA-256:A5A875F2103586E2752F369AF0F0A952E813B6EA126DB979499A5EE63A86F92C
                                                                                                                                                                                                                SHA-512:1A8F8C24C10DF561CE8A176E129AE70DACC0496AD4449A39535382830EA9D7A097AD3530605CA7A292A492F3255DA709B3A05495AF7F77C62557CD29048A2EEE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 960 x 32, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):23158
                                                                                                                                                                                                                Entropy (8bit):7.987660913924122
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:R9QtLDgZNSzlDy60WRCmBcyXYL3lxKlaYxb6iptbyRwP4GeW/ZH19DhzH9EdrVFm:R9mvgZNSzlWq6yi3lqacWO1lH/DDHerm
                                                                                                                                                                                                                MD5:D1EC70E94F9AEE5BDF38A8319333FFFC
                                                                                                                                                                                                                SHA1:048EDACB842649F3733B2E25691833673E78BF20
                                                                                                                                                                                                                SHA-256:358FB10480C694BD6A7927142523177F4D08CD00FDF6DC52E7C9F556978279E8
                                                                                                                                                                                                                SHA-512:86E6662F5271246AD1BBAD5EBB40AB289840E25E59FFE166295B0A359AD9EB24C95E25C93ECC14ED6287D4D07EB43BCCDE7C600F40D1CAEC01E61446ECEE4EE9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 136 x 72, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):7168
                                                                                                                                                                                                                Entropy (8bit):7.957106214340995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:uSdZk/acEQK68qnA2He+86KoVMNStmPRZ7vDCjvX:RdGHQ68qnA2HefoVMNStCRN+
                                                                                                                                                                                                                MD5:BF98C8F6317811293D2498DE535C670F
                                                                                                                                                                                                                SHA1:D931644EAFA5B12B7BD51157FED34F11E07A7EDD
                                                                                                                                                                                                                SHA-256:163F1DA77DB7AE6EC07CEE4EE7B843413528B50B46DBCA2D7AC6CE83C20DAEAC
                                                                                                                                                                                                                SHA-512:6EF9AE7AA55A6215FBC16796A56129B21F8A7E0B02018945E3652E68D521D73491FCAC79D5CDEB9A8DB612F2CAAAC33B6E0E64FD4B694A341F472B84A3006BAA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 400 x 217, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):63218
                                                                                                                                                                                                                Entropy (8bit):7.993724807343349
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:1536:qIkf+DRZpmLeAKhWjv4L+KZYFQ9qsgwLztqfH4rd:DkmVZwHKSSjo8LzyYrd
                                                                                                                                                                                                                MD5:A5A3A48E0B94E1BDF81894A1203A7BD3
                                                                                                                                                                                                                SHA1:783E0BDBB971FD1A02EA657D7A6BF3C5DBB50840
                                                                                                                                                                                                                SHA-256:1622F7811B0CA5D0379D469591F34B21EA608B373694E6CAEB6BC4D09798F572
                                                                                                                                                                                                                SHA-512:D339A48A3066218310F63C74081A14A305E19842B61B9274EB4458ED913E9273D01290AA4DE7E441BCB99F7B9629DEAB38039B603A697B9F70078DE64A36E1FD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 300 x 100, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):23754
                                                                                                                                                                                                                Entropy (8bit):7.977616690133352
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:SAKXVPaaJdY3k1P83G/E97PiJbDz29/3g0VCYkwf4cbstAm0nvztkrhawrAa:0PPJdYCU2Yi929IoCYkwf4cbstARn7SL
                                                                                                                                                                                                                MD5:EE69EEAA3081737C265C6FBC33F18E1E
                                                                                                                                                                                                                SHA1:AF52B5D1F260C4728E167053DAD9942546740FF1
                                                                                                                                                                                                                SHA-256:2FB4C28144A26E65774BCE9A4A3B02CAB126955D8AB3BB14FAEE56A1D589F7E0
                                                                                                                                                                                                                SHA-512:7195EEB0D1F953E6DF38D308DED0689A88946FF37089BA29F00800C4D8D3230FE992821FC8C00C2EA143B42F15FCCF33A28E082A339A33C6CFAA910A4B740254
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 502 x 72, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):29330
                                                                                                                                                                                                                Entropy (8bit):7.986523289723094
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:VWpf3WLNxkl0wGlOL9oroJIiqWJp2/CG1pBC/LKm2sbtm9nig:CGLNuRK8JI9iKxfC/f2sbYcg
                                                                                                                                                                                                                MD5:1AE0EC6F8DE5ABC507F7064EC41EA91A
                                                                                                                                                                                                                SHA1:32D189888035ADACC6F2BB2DD88096169333FE84
                                                                                                                                                                                                                SHA-256:3AC6C05579C395F97BB24F7CEAABBAC87571866E75A1018544858A271866412A
                                                                                                                                                                                                                SHA-512:3686EE69273BD83C20D347F3E170599DA3E95F4D77E089ACEF7F45053ACC363515DCE440E548BE7DE3BF65EED9DE47B1992BB46E34B7C35A9EFD196E53FDA43B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 136 x 40, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4688
                                                                                                                                                                                                                Entropy (8bit):7.905126720832232
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:XSQZz5FLGPxujyOmdkG791J74qud9+rzDCgnPc8uyA3QN:XSQd5YPxqYkG791Nz++rPPcFvY
                                                                                                                                                                                                                MD5:EDFE1B7F70B747CD493F4B78AF359A4E
                                                                                                                                                                                                                SHA1:EDD7C16A95887D6386C8E5506DEAB73B3369E6B2
                                                                                                                                                                                                                SHA-256:2B1D5194E67E75F345CC075CCDE481820F2C18B0B334AE9A9F3738AF48272546
                                                                                                                                                                                                                SHA-512:98EF34DFC8AA682D432F669887F05B7572CD4ED2FAB0173EDADC3620F647F481374456A1EE369438459F30B90DFBACAB662F61FBF2FB571BC85B71C893CBC41B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PNG image data, 234 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):15170
                                                                                                                                                                                                                Entropy (8bit):7.974008973310119
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:rSegJw3ghJ2Qw87alXymlsJ0icxD0cywvhsquGe3JaxGYycue6JJTuUu5WLnm9+p:eeg2s2k7Y7pRi33QxGNcuQcmAAzpi
                                                                                                                                                                                                                MD5:3A68EAA813D8B88003A75BB5B39B060D
                                                                                                                                                                                                                SHA1:48BE8FB1BA0C579D2F70D683AC0956908F06842B
                                                                                                                                                                                                                SHA-256:BBED46E1C8181073645DD9658489768C3CF78FAAB9425E73FB0917EC78CC825E
                                                                                                                                                                                                                SHA-512:37F1AD48FFA0E4EFEFAD09AC7674D4D10A882BE124FC9277B118CED5FF855C25B71A7CBC83B0B5FF2D3FB6B466D5CC625D84FFDDBD01342AC951877F947DDEE1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:HTML document, ASCII text, with very long lines (2539), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40747
                                                                                                                                                                                                                Entropy (8bit):4.3561175921167985
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:7ybuPBuGgJDt53vHqg8WxXdNT11knQ8d4hUJj:wsBZInz8WxXdp9POj
                                                                                                                                                                                                                MD5:CDFCD66D38E31EF02FF595EEEF696345
                                                                                                                                                                                                                SHA1:86D22B920A79C86C9B96B9341C81A3450B33295D
                                                                                                                                                                                                                SHA-256:68FD65B97E55483229FCA1ACD39B26E1443A9CB4BD4B3496A22F933339A666BF
                                                                                                                                                                                                                SHA-512:A8ADC934BD910566F7D8F69CDB49C5F2D386E4213BDB813C8C0313F775E2355BD3E4256A0E51420EB1140FA6AFD7AEF335879CE16D0851BC93D46754C42B4DAB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<html>.. <head>.. <link href="css/normalize.css" rel="stylesheet" />.. <link href="css/style.css" rel="stylesheet" />.. <link.. href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap".. rel="stylesheet".. />.. </head>.... placeholders for future start screen video -->.. <video.. id="fastvid".. style=".. display: none;.. position: fixed;.. top: 0;.. bottom: 0;.. left: 220px;.. right: 0;.. z-index: 0;.. ".. width="100%".. height="100%".. xloop.. nocontrols.. xautoplay.. >.. <source src="vid/fast.webm" type="video/ogg" />.. </video> -->.... <body>.. <div class="modals-overlay visually-hidden" id="modalsOverlay"></div>.... <div id="payment_modal" class="payment-modal visually-hidden">.. <div class="payment-modal__frame">.. <div class="payment-modal__content" id="payment_modal_content"></div>.. </div>.. </div>.... <div class="close-app-mod
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3273
                                                                                                                                                                                                                Entropy (8bit):5.034717990635706
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:DV4RZjWSioewxpVIGZkv2WLxjdhjdnjaik+wT4dMM0xjRTZdzSqhONnsNo1N8N:R4RZ3ewfiGGVjPjtMsdMxjRTHSqhQ/Y
                                                                                                                                                                                                                MD5:9E4D0298EF2264E5C2EB1CEA2C58A588
                                                                                                                                                                                                                SHA1:31DF6D3F5999B6D721AC60EF2952CC1197D4B3CB
                                                                                                                                                                                                                SHA-256:6BF81AFE7430BEA7D61A75E758B6B8F0032C49353E16605463BA5FF0816D7DFC
                                                                                                                                                                                                                SHA-512:1555EA05CDB101E904EA3B361A71BE840794140BC1720C3EE8611BE01EE3E397447CCFC826F54EABD43C49930F9021C2A5D563573D2DAC7995CC1F943AF64BBA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:const gui = require("nw.gui");..const win = gui.Window.get();....let bClosing = false;..const queryParams = getQueryParams(window.location.search);....const SELECTORS = {.. body: document.body,.. notifyTitle: document.querySelector("#notifyTitle"),.. notifyText: document.querySelector("#notifyText"),.. notifyClose: document.querySelector("#notifyClose"),..};....const notificationTitle = queryParams["title"];..const notificationText = queryParams["txt"];....win.x = screen.availWidth - win.width;..win.y = screen.availHeight - win.height;..win.setAlwaysOnTop(true);..win.show();....setNotificationData();..preventFileDrop();..preventImageDragging();..activatePageListeners();..fadeIn(SELECTORS.body);....function getQueryParams(qs) {.. qs = qs.split("+").join(" ");.... const params = {};.. let tokens;.. const re = /[?&]?([^=]+)=([^&]*)/g;.... while ((tokens = re.exec(qs))) {.. params[decodeURIComponent(tokens[1])] = decodeURIComponent(tokens[2]);.. }.... return params;..}....fun
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):64624
                                                                                                                                                                                                                Entropy (8bit):6.172635925166225
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:0fretdKE4VT/8ke7Ju9F2JvNSIcI/AK+i:MLB8agpNSIFYK+i
                                                                                                                                                                                                                MD5:B10D548BDD97E7EB4143B7D47188F875
                                                                                                                                                                                                                SHA1:49AE390A8196D3AAF8ED8C09071BD03FFE9279DC
                                                                                                                                                                                                                SHA-256:6BC16EA3DA0B0B347813A7BC3A88D78D77209B323FC884FCA52A9758CFB29128
                                                                                                                                                                                                                SHA-512:E75E44328FCAC41D364573A3CF501897093E307A4C12FFA1A230886B06796023328FCE6B0F348EEA2A5092183C9ACA0FDA082F7F5066FA44D86FF0AB572A39EE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):45
                                                                                                                                                                                                                Entropy (8bit):4.461530252405225
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:+BKSLDrbIoMLNLQJlWsren:+Dn4oRVre
                                                                                                                                                                                                                MD5:FE10063F4A895C45C6F50E4B031A7B7E
                                                                                                                                                                                                                SHA1:6B2E8F116DBDD03A7AD19C0C156C0C3824AA1AD4
                                                                                                                                                                                                                SHA-256:FE3E5FDBC7265A8463D2AB98D7066DF486717A760501CBCFB3E8EBD7478CCAA5
                                                                                                                                                                                                                SHA-512:36A8EA42F7D35192DF68246520A7F91946A8E7DCF3747112C6FB2DBB9159F2DC31AF527BC0A66772EE379E08C3036E16D6B191DC34AE0B3D324BC42F83EA32FD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:nw.Window.get().evalNWBin(null, 'js/ui.bin');
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):728
                                                                                                                                                                                                                Entropy (8bit):4.71398599337068
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:5+yDRCNffyDnofUI2NwznbqAbDEEfI1WsBlb8A9o5AT8xRpNouRiFlTBhn1jVMbu:5TWfIou6bqkEZD8Aa5ATbVMq
                                                                                                                                                                                                                MD5:F8C5A6B15445FEE35C9FE2BD008BF9F7
                                                                                                                                                                                                                SHA1:1972A0B9993E74563D31C346B330B0DAE2F6B53F
                                                                                                                                                                                                                SHA-256:290E440283F05688880A737A7914689B788647A5A7CA9DC5AE8221A32F627C33
                                                                                                                                                                                                                SHA-512:A988F76832D18BC4B8A1E63BBDBE6A0665657C8DD8A0F3415D0C2CEBDA5CB31C178A31150A462BF43F6A36AE2FBDEB19D283E25347D7AB9F443954064BDC863C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<html>.. <head>.. <link href="css/notification.css" rel="stylesheet" />.. <link href="css/normalize.css" rel="stylesheet" />.. <link.. href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap".. rel="stylesheet".. />.. </head>.... <body>.. <div class="notification-background"></div>.. <img src="icons/fast.svg" class="fast-icon" />.. <img.. src="icons/icon-close.svg".. id="notifyClose".. class="notification-close-icon".. />.. <div class="notification-message">.. <span id="notifyTitle" class="notification-message__title"></span>.. <span id="notifyText"> </span>.. </div>.. </body>.... <script src="js/notify.js"></script>..</html>..
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):339
                                                                                                                                                                                                                Entropy (8bit):4.504668979187309
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:3HWLGbc65cCRvFNKM1G1Jt/BoFkSH4xIr0HFKvFQ/uNjDIqONUVFyvNMukI9c8DP:VQ65cCRv+1Jt/PSYxI4HUUTNUu+ukI9H
                                                                                                                                                                                                                MD5:D0408667A024FE29169D7E1C262F6494
                                                                                                                                                                                                                SHA1:E120E7E1F8E8C693588500474B8F7F835006EBEF
                                                                                                                                                                                                                SHA-256:CA445644916F41B112A7B7F375F996C9C918CF085061533ED141FEEF466294D7
                                                                                                                                                                                                                SHA-512:3798D788F661420A8DCD24B7B124A9E61C235A81755E7518EB3159C21664C37ED98054DCE75DAFA224B264CAF991455F13AB54B1DD7213C89839D42A3A2BDB25
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{.. "name": "FAST!",.. "main": "index.html",.. "window": {.. "title": "FAST!",.. "icon": "images/fast.png",.. "toolbar": false,.. "width": 960,.. "height": 460,.. "show": false,.. "resizable": false,.. "frame": false,.. "show_in_taskbar": false,.. "always_on_top": true,.. "position": "center".. }..}..
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):478629
                                                                                                                                                                                                                Entropy (8bit):7.908880957557781
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:NbE/HUAVynxpO573XXh0lR+ALK7tYMCu3SmZTf438ZtjCUfNcGP5CZ8uAIq6CSnF:NbcA/O5HR03nKx/K8j2C/PgAI6A1sA5
                                                                                                                                                                                                                MD5:2E5238FEEBEDC51991E906DA9A14E16A
                                                                                                                                                                                                                SHA1:EDFB5738C14F6BDFDF86EE0E17A0876C971881F6
                                                                                                                                                                                                                SHA-256:4C4ED8B69558B565F3B6181A70677379FA86FF869170D2EDF2BD519F1162638B
                                                                                                                                                                                                                SHA-512:CC775B22192F6026866BB1C57056F87729944A9EA31CD8DD151D07AF8A48CDDDB6CD7487B6B545CD0177697D24126E7AA204E214594588950F6FA7DF61EE0C14
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1310720
                                                                                                                                                                                                                Entropy (8bit):1.331661290031592
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrc:KooCEYhgYEL0In
                                                                                                                                                                                                                MD5:C1C0BCF3008144066ABA6B16F097EA99
                                                                                                                                                                                                                SHA1:AC63900C956FB523B32743F83F3FDCA2548BC975
                                                                                                                                                                                                                SHA-256:FC18DD4B78E9598727D4AC2CB20B47617A96B0ECA1900D88338AC12BFBC47833
                                                                                                                                                                                                                SHA-512:385D3206B41D9A256BC524D3005E74BE33B80C647DAA07184FF074F6B1173D6E2722CCE12D1AD688997595DF12300E1C0D72F1095BDFB387BE435EC6A02D59C4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[binary data; readable string: C:\ProgramData\Microsoft\Network\Downloader\]
                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                File Type:Extensible storage engine DataBase, version 0x620, checksum 0x329c3a9a, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1310720
                                                                                                                                                                                                                Entropy (8bit):0.422128626414005
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:zb9tb9rSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzA9:zb9tb9raza/vMUM2Uvz7DO
                                                                                                                                                                                                                MD5:C8EF0BDE2B9EB29E00F06A155CCF5647
                                                                                                                                                                                                                SHA1:9E152FBB93F42A39ECCB4E3C4DDC439894171B9F
                                                                                                                                                                                                                SHA-256:2F69BD363FE6B484ACAD4A2ABDC06DB85D03246923E203B72F8771C41CD3116C
                                                                                                                                                                                                                SHA-512:5F3E88DB9709D248B392E965C3F72AE5AC0466D35D5F77DC350817F0D89256EC1A0AEB878078BDDE1CD8C75CC2696B08BD7D23CEF36BE44E53972937DB8A0E48
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                                Entropy (8bit):0.07723676295296628
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Ll8Yer1Zihlkjn13a/WHmcht/lollcVO/lnlZMxZNQl:Ll8zr1Zihlk53qWHmchQOewk
                                                                                                                                                                                                                MD5:F5B685CC9CC273FB69EE2BD95090E9D9
                                                                                                                                                                                                                SHA1:EE0B8E0FF6434877394A7CA494756CAC669610DE
                                                                                                                                                                                                                SHA-256:EAF081CF19BF381F0AD3045B431C3DC04A14D3A02FA8CDF5CC858E1A2CD735DA
                                                                                                                                                                                                                SHA-512:03F974176C5B48E583F4EBFF23E3E627D168E1664DA9B8CADB96FD37B1815DB101E502AB7AED2CC9CCD4F171B93E6E4A480B7122582B29D57566BBABCB537785
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):131033904
                                                                                                                                                                                                                Entropy (8bit):7.997763079224339
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:3145728:lWm4EkXPikhk8/f6smzMPLgQrY0Z/oE7e39wWrUd2Ym8y7rzGqAQPi:/wXP5lQcLgKBBq3Yd2YmV7rzGzQPi
                                                                                                                                                                                                                MD5:599BAD8E7D2363415B86A08F4ACD243A
                                                                                                                                                                                                                SHA1:930C91815F9B3BC9DD3C9E876F37425A3094074E
                                                                                                                                                                                                                SHA-256:57814315C08CF3C65A3FE12E3474B6EA4254305237B7BB44B181524A4E18DA08
                                                                                                                                                                                                                SHA-512:296FF0A02AF1EFF378EC421FB3E4090FB4834956C738F40AE1AF540B3E8A323511953435E6D0EFDB49571B68974D1464BDC8E10E50D2A9E8261B7431E9CA93EE
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):144688
                                                                                                                                                                                                                Entropy (8bit):6.667845757025275
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:4YRHFhhMmofU98VLVFqZ3/FnKk2vlQBOJ2LcjNal+laLMQ03hc3J2tjF6+hjIEKT:NRlhhMmh33NnaE6O0vF6wBYqW2popg4
                                                                                                                                                                                                                MD5:FC41CABDD3C18079985AC5F648F58A90
                                                                                                                                                                                                                SHA1:51A619DDCB3661AA8675C2D7483840AC4F991746
                                                                                                                                                                                                                SHA-256:FA159F50E67FB5829F0F2511E25111C719411E6B6152FEA97F3A296264C7D7A4
                                                                                                                                                                                                                SHA-512:691090B54CE52D7E8BCFFF2711ADE7A6A8BB21B409358D7BFFC2053A53C116C7C22896F21BA36945A54F094D963CD9361A132D2E165365FE287C02F3C60356ED
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                Size (bytes):2636
                                                                                                                                                                                                                Entropy (8bit):5.19736182475543
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:kKXK//6zXledsGZqdfb+ko3kELe9XwMZM6TPM9CWOVuAADXQkZ+G7:LoWGZvkELezy64/ZXr
                                                                                                                                                                                                                MD5:9CAA25A733AFDF68BC2C71AA55215F77
                                                                                                                                                                                                                SHA1:93930AE0369B444CEADEB743E415C3F46506193B
                                                                                                                                                                                                                SHA-256:A5D46A4058D2B453234DA5BEB693A081CFC891B67E87449F21CACFAB643B26E7
                                                                                                                                                                                                                SHA-512:E9602EADDF57782678D41A135A95DED4AABFB0FF45EB9EBDC63BA7451A01294408CEEB27FEAE56A0E582539CBB8667D62BE19CC85627554EF9D2A6FD5AF6596F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<Results>..<System>..<ComputerName>494126</ComputerName>..<Tool>..<Version>2.0.17a</Version>..<VersionDate>2016/5/01</VersionDate>..</Tool>..<RunTime>2024/03/06 09:51:38 GMT</RunTime>..<ProcessorTopology>..<Group Group="0" MaximumProcessors="2" ActiveProcessors="2" ActiveProcessorMask="0x3"/>..</ProcessorTopology>..</System>..<Profile>..<Progress>0</Progress>..<ResultFormat>xml</ResultFormat>..<Verbose>false</Verbose>..<TimeSpans>..<TimeSpan>..<CompletionRoutines>false</CompletionRoutines>..<MeasureLatency>false</MeasureLatency>..<CalculateIopsStdDev>false</CalculateIopsStdDev>..<DisableAffinity>false</DisableAffinity>..<Duration>10</Duration>..<Warmup>5</Warmup>..<Cooldown>0</Cooldown>..<ThreadCount>0</ThreadCount>..<IoBucketDuration>1000</IoBucketDuration>..<RandSeed>0</RandSeed>..<Targets>..<Target>..<Path>C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp</Path>..<BlockSize>4096</BlockSize>..<BaseFileOffset>0</BaseFileOffset>..<SequentialScan>false</SequentialScan>..<RandomAcces
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):42
                                                                                                                                                                                                                Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:GIF89a.............!.......,...........D.;
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):42
                                                                                                                                                                                                                Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:GIF89a.............!.......,...........D.;
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1622
                                                                                                                                                                                                                Entropy (8bit):5.2384035445224635
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:YZ1HdtyDF9hj3ZMqr8ZPfOqfTpHMmg8xNTOC4Y4fwwe:oNdAxpMtZPPbhMmNBOC54oL
                                                                                                                                                                                                                MD5:25958C34DE97DFD383167438851F1685
                                                                                                                                                                                                                SHA1:ED270DD59D0567F85281842EF27F73F8D0732A0E
                                                                                                                                                                                                                SHA-256:64E1542D6B4DD7FCAE744609DBB5958AA95833CEA670033104884808BA788F57
                                                                                                                                                                                                                SHA-512:D6868B27020FD8A6B5F359785BF9FDE2A11ED6AD8F44AD4B174056718B7D797AEEF76312C4A9B76B036B10AE2880D164F1FE85D58E27A544563352305311CDF9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003095718%2E000000%2B060","os_processes":"113","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"2C19DK","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"8DVXF2SE+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{"0":"7-Zip+23%2E01+%28x64%29","1":"Mozilla+Firefox+%28x64+en-US%29","2":"Mozilla+Maintenance+Service","3":"Microsoft+Office+Professional+Plus+2019+-+en-us","4":"Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532","5":"Office+16+Click-to-Run+Licensing+Component","6":"Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration","7":"Ado
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):121
                                                                                                                                                                                                                Entropy (8bit):4.227223605095569
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YGVE8fptxgW4uj8XWRv6z24uj8XWR+P2YqJlQV+A1:YGFRtx4uEp24uE3eYUKV+6
                                                                                                                                                                                                                MD5:2C557FC464D7BA0CCE6D80FD9546472A
                                                                                                                                                                                                                SHA1:1745E349309C42952FFBF137655747D62CA8011F
                                                                                                                                                                                                                SHA-256:70B85AA31DFF4A75A70413198BED863DCF59D400076FD29163F805475ACAE5E4
                                                                                                                                                                                                                SHA-512:8EB39318EC6BCA0BBD360D4EA73C06550E568E52793A4925ADB0EF88C5085B400892A8A4AA0AD502E13571066DF3607BAED754F968301A48E99E46522E8C049F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"cpg":"default","inst_excl":{"eula":"skipped"},"inst_addon":{"eula":"skipped"},"inst_path":{"show":true,"startup":true}}
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):39
                                                                                                                                                                                                                Entropy (8bit):2.3650627250719287
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:QXJL0JuJtQhL0n:QZsuJtx
                                                                                                                                                                                                                MD5:49ADCDCFE913E5F4782EDDB2EA401444
                                                                                                                                                                                                                SHA1:5A7829CFC2530E14ABAF1AF159A625F948C08F36
                                                                                                                                                                                                                SHA-256:FBF17A834BD29FB6EDD8B59E0C47FDB7E15F047BE3C4568FCABCEF0B9C8B4129
                                                                                                                                                                                                                SHA-512:8D6F25C6697A9FBD458773FFAB15916718BE57333ADB9B168300A59D37EFC8F02F589CCBFAFECA0F15BF7D4494496C5A1052AF8DF69870D0C81ABB4C1FA4C699
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:1,2,64,1,0,0,2,5,256,1,1,1,1,2,64,1,0,0
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):104857600
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                MD5:2F282B84E7E608D5852449ED940BFC51
                                                                                                                                                                                                                SHA1:2C2CECCB5EC5574F791D45B63C940CFF20550F9A
                                                                                                                                                                                                                SHA-256:20492A4D0D84F8BEB1767F6616229F85D44C2827B64BDBFB260EE12FA1109E0E
                                                                                                                                                                                                                SHA-512:2798503C2C7B718799324122137BF30A562AAD1BC04BBF343DAAD225A5FD0D1FD5D269843A01AB00D4F8D8C5AB34F8956065F9831EF7459E9C487E895099E956
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2828
                                                                                                                                                                                                                Entropy (8bit):5.6225953821936665
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:FA8F4840EF07F94418D6D4C14F8AD3BB
                                                                                                                                                                                                                SHA1:5BB9FA631B5E834937FA0ECA2E3115EAAD7CF72B
                                                                                                                                                                                                                SHA-256:77A828666CF8F528E3FB461D67E1D17707B8DB83B9270647A219F69BA742470D
                                                                                                                                                                                                                SHA-512:A70A45E5A1F283861B024DA24D8D399E7BB595542AEAE538C0D728237C30D53027D276AA9DDA7C54F8024827126DA6F746FC8F3CE089C72D01C1C4A2C90474D1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"browser":{"shortcut_migration_version":"119.0.6045.105"},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAD/vb0OX7ktSZL6rQc16hasEAAAAAoAAABuAHcAagBzAAAAEGYAAAABAAAgAAAAMxnDcXURAHIpAoUIKXu+8/47j5vQDM0Cu3AbvRwypDsAAAAADoAAAAACAAAgAAAA6GdsVsL6RbjZsuBVUZNJgDBHdjpUymYvSsz0rT8kaeEwAAAAmvdkn+5vuRTidis39zZZQ7b/ks8S4UTeWpuN4sPA6qGKYeGKWkPkrp5R4osVDiB2QAAAAALPYrkrEvSM78rvkHoHH+/7vPRudlBEvUlJiCClqX7+PkuCYA9itdgN572KepO+V84dYIGBQOlu79ZrZn0N6b8="},"policy":{"last_statistics_update":"13354192320805388"},"profile":{"info_cache":{"Default":{"active_time":1709718747.553113,"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"force_signin_profile_locked":false,"gaia_id":"","is_consented_primary_account":false,"is_ephemeral":false,"is_using_default_avatar":true,"is_using_de
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2658
                                                                                                                                                                                                                Entropy (8bit):5.633579752902187
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:A0C2432E0D84389DE798DD7926B778BF
                                                                                                                                                                                                                SHA1:2ECF7AA82FFFE6B45C654050DF023CF2680574BA
                                                                                                                                                                                                                SHA-256:B4FA9DF689B35B9C8A1FA8330347AE4B7341976CA137915A30592D657D3AE248
                                                                                                                                                                                                                SHA-512:BA5313BC0153FC1072F4A4126B40CFFDF12E6151690F5FAC4407B8C32AC8482028CEB12F4409E0EA9BFF5D6319592C08049E21AA1F0E85DB5B0DF680734459CB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAD/vb0OX7ktSZL6rQc16hasEAAAAAoAAABuAHcAagBzAAAAEGYAAAABAAAgAAAAMxnDcXURAHIpAoUIKXu+8/47j5vQDM0Cu3AbvRwypDsAAAAADoAAAAACAAAgAAAA6GdsVsL6RbjZsuBVUZNJgDBHdjpUymYvSsz0rT8kaeEwAAAAmvdkn+5vuRTidis39zZZQ7b/ks8S4UTeWpuN4sPA6qGKYeGKWkPkrp5R4osVDiB2QAAAAALPYrkrEvSM78rvkHoHH+/7vPRudlBEvUlJiCClqX7+PkuCYA9itdgN572KepO+V84dYIGBQOlu79ZrZn0N6b8="},"policy":{"last_statistics_update":"13354192320805388"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"force_signin_profile_locked":false,"gaia_id":"","is_consented_primary_account":false,"is_ephemeral":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_id":"","name":"Person 1","shortcut_name":"Person 1","signin
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 2199023255552.000000, slope 264534264499836813312.000000
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                Entropy (8bit):0.32488696961015473
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:5C1711B7579240157D5C5AD22769823E
                                                                                                                                                                                                                SHA1:99872C52DA85DBA47334E3164BB4EBFDFFF2FC78
                                                                                                                                                                                                                SHA-256:936F7D6DB80BA86334131F293DDF819C6FC5FF0DC763D7A8510E46AAC80AA0B7
                                                                                                                                                                                                                SHA-512:9D8C6670926A8B255724142072192DAAC642ECD77D38936176D0EB9EA837F72E9DC00BBA3C1DF865EB17CF0161474BDF00589D65455B6A191D90F159A2538806
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...@..@...@.....C.].....@...............hI...H..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....G.........119.0.6045.105-64-devel....".en-GB*...Windows NT..10.0.190452l..x86_64..?........".loovrm20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J..m#:^...YJ..<..S...G=J....W....J?P.j....... .8.@............%.................$3e670913-c26c-453b-bfad-2292d14535cf...2.....6.'D.I.V.bHA.7L..]..<..8...(...SyntheticOptimizationGuideRemoteFetching....Disabled.0..,.......HttpsFirstModeClientSetting.....Disabled.<..8...$...Segmentation_ChromeLowUserEngagement....Unselected...0..,.......Segmentation_SearchUser.....Unselected...4..0.......Segmentation_ShoppingUser.......Unselected...4..0.......Segmentation_CrossDeviceUser....Unselected...4..0.......Segmenta
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1048576
                                                                                                                                                                                                                Entropy (8bit):0.016298874395703957
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:CF4A7EE0529ACE6D8349AC6369F6A8F8
                                                                                                                                                                                                                SHA1:EAD71015B7DCECC8297078CF0D12619034269C93
                                                                                                                                                                                                                SHA-256:E05BFACF01C4D2CC9178493BDB67C8CD3489ADD072F0AF4ED473F5DDBC127460
                                                                                                                                                                                                                SHA-512:E251D7BD6936E04D7E009A5786D619D66FA81E27C72F00C8A4756F9C4C30F6C45CC3D9ADC74D1E531C945C8C31C9642AA0E781E85CF1D461BA9703AE2227295C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...@....................@...............p...................`... ...i.y.........CrashpadMetrics.....i.y..Yd.X.......A.......e............,........5l.*...................5l.*.................UMA.PersistentAllocator.CrashpadMetrics.UsedPct.h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.........A...................V..>....?....{.................?....{.................UMA.PersistentAllocator.CrashpadMetrics.Errors.. ...i.y.[".........................i.y..Yd.........A..................._..-.....h-.....................h-....................Crashpad.HandlerLifetimeMilestone.......0...i.y.[".........................................i.y..Yd.@.......A...................V..>x.../.y.KO................../.y.KO..................Crashpad.ExceptionEncountered.......i.y..Yd.........A............................K..0.................K..0.................Crashpad.ExceptionCode.Win...... ...i.y........K..0............i.y.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):114
                                                                                                                                                                                                                Entropy (8bit):4.029437163437117
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:204831FF7572A865D986F5DCE64BF11A
                                                                                                                                                                                                                SHA1:B10466063A2DFE29F901B3DCD3774088149AB29A
                                                                                                                                                                                                                SHA-256:4FDAC18C23CFAA70ED0CFDC565AD79FAF95110BA736A253BFDA1A2C0EFCDC236
                                                                                                                                                                                                                SHA-512:C5418A5632D98D1A60C8A56A5AB76C645143E0BCB50A87179F60D3842FC8B0DBC914FB246DB3189A9EAA4E567DC426B47D0CA08EDF04BB98B79C2A481D296D5D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:DAPC............Ax...L.d.c..'.....)....<.e............................acf37841-a79a-4c19-8564-e4639ee527a9.dmp..
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:Mini DuMP crash report, 13 streams, Wed Mar 6 09:52:01 2024, 0x200000 type
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2179280
                                                                                                                                                                                                                Entropy (8bit):3.8721472668040193
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:C4CBB021B29B7B0A12DC343E72620058
                                                                                                                                                                                                                SHA1:C5FAA8FB8C06A4A45F89A056F4420D59B3C35252
                                                                                                                                                                                                                SHA-256:D4F547834CFC73E26F6197F372CB6FB0F3E0D730CED70A5C0E80CE26C04EC9A5
                                                                                                                                                                                                                SHA-512:41E324AC08617C25177D1354946A4FCF62AC93C561068FAA1D17D45AD2E8372ABA55B9320E8C81FA927DB091715610ABEB7583CA51D3AEDE73F9882AEA0AD576
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MDMP........ ........<.e.. .........8...........T...............X...............................0"...............9....PC@....<...... ...l@......pG........kKG....c.......s...d....kK%.......................eJ..............L.B.........................2.0.0.6.....T...G...p....<.e................................................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................W.i.n.d.o.w.s. .N.T. .1.0...0...1.9.0.4.5...2.0.0.6.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                Entropy (8bit):3.3041625260016576
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:FB6791C90C4FB1A0EF50F5218E5936B1
                                                                                                                                                                                                                SHA1:618AD741929782DC82D9C56942D464096AFED7B4
                                                                                                                                                                                                                SHA-256:F6D9C7C3A0123E426A197F17DF7308FC37719E3947C292CB4B2DC362472542C5
                                                                                                                                                                                                                SHA-512:EBEE4505D27A5AC71630CCFD370E1A3C530E8B3FF4AA3B22302F602C3C32A9BA22A586C99F26DD9F9ADDBFE64717D8F4249F80225B4F7E296A42390A5718763F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:sdPC....................J......D..Ua...
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3844
                                                                                                                                                                                                                Entropy (8bit):4.904775333381023
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:D0542FA127178C2168A53C6476824C92
                                                                                                                                                                                                                SHA1:9DEC52EC18D45C62A2593A22DFB154D745C9C5F1
                                                                                                                                                                                                                SHA-256:6D8BE17BAE7BF294E17248F617A7A58920AB926787D17AF0CA86652011C50865
                                                                                                                                                                                                                SHA-512:0E7EC8A507BD49AE6DB266C4367C54093475DDE12C709C4284D7E63435EC8C2B09697158B84E6A846D50867FF25957C0C6CD00A1F2ECC7A7D303955CDF9F3BDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                Size (bytes):5031
                                                                                                                                                                                                                Entropy (8bit):5.123258174503018
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:D2A7F3698EB8D84E3428866EE919B898
                                                                                                                                                                                                                SHA1:E1A75F9455741CABB853217349BC1596441716DF
                                                                                                                                                                                                                SHA-256:83FDE5EDF6B8FE1AB76E91FD0944D10AF0CD7A0E34433A1CE851DDEA3F3DEDA1
                                                                                                                                                                                                                SHA-512:E4F66D7DB7A4AC55200A0E6BCAAD70326D036AB343AE7E365A5BB986BCC7FF08403A6A199C187E534AEBC5A2ED9D6290B42B8A2A93DCDF8FE739587BD0EE36C9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4663
                                                                                                                                                                                                                Entropy (8bit):4.946333344247304
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:ECBFD52B36260F423BA12CFE64EC5D30
                                                                                                                                                                                                                SHA1:7E4E7D48FEDF21AB6345CD0B9E4DB18E6F14D0ED
                                                                                                                                                                                                                SHA-256:78A18A1093A760938506EAEEEBE9103927E0C631B92C678895D7EC8F5E8BA226
                                                                                                                                                                                                                SHA-512:966327E1D39B668A22C60D90048802107931FEF9C18873A981EF748A0CCE6D1A0A3EA9A4A81B7ECF8AE7144583867C25FD7DAB23C9AD48A21548FE88EE0FDACF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4367
                                                                                                                                                                                                                Entropy (8bit):4.937297289362634
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:06BFCCE2FEBA6CB8CC5975666FC1D793
                                                                                                                                                                                                                SHA1:39138AC03B13115E624110EAD47E429BF5001D09
                                                                                                                                                                                                                SHA-256:610AA7AD6070D5326F994F3F2293E9D47170402918D4F28A2AE23785630AF0F3
                                                                                                                                                                                                                SHA-512:A4137F5A4A6B1ACABB8982D2B77D487FDCF40DFD3DA5E014C4E7DFC5FBAD179F3A23A18A295941074F6386EE673697C78361CD90BC0884B63F3E79320E0DE502
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):151668
                                                                                                                                                                                                                Entropy (8bit):1.0550957398929903
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                                                SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                                                SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                                                SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4165
                                                                                                                                                                                                                Entropy (8bit):4.918297543815985
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:8DD04F2BD8F15FB8DDAAE78C4EEAFFEB
                                                                                                                                                                                                                SHA1:2E58550B4A9E7D6842090719B1A9046A4BAF0F6C
                                                                                                                                                                                                                SHA-256:C3A49CE5C059219A918D84CB3D0EBF653BB543E6E79438783522D698A4D17C59
                                                                                                                                                                                                                SHA-512:8E17474D6D63787BE4B3AC492D489A31F86EFACC12391073FEA7EB43827F168B334D65F021759ABDA7565311843168F781751BC89F43B9EA9625D1FDE067677D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4107
                                                                                                                                                                                                                Entropy (8bit):5.515801130991735
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:ABCAFD9FDDC55E77FC02C24129F8FA3C
                                                                                                                                                                                                                SHA1:E9EA77031935E1DA0C29183A64C35A1737E09AB6
                                                                                                                                                                                                                SHA-256:6419B6EB42149D20BAE05910377298B0F2BAB61D8888017E48DFD44796EEB84E
                                                                                                                                                                                                                SHA-512:958EB35FC4127DD15A51B17DDF28EB057F970CA19CA2D82A19793DFEE82DF86733561CF9146831E05D60F10F941A8B7F289F9738DF30C0AE923B41C6964F9AF5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):151668
                                                                                                                                                                                                                Entropy (8bit):1.0550957398929903
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                                                SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                                                SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                                                SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4295
                                                                                                                                                                                                                Entropy (8bit):4.932069562312602
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:B4940956D800FA8D1F1E86BFC479641E
                                                                                                                                                                                                                SHA1:DD1B1B68724D1B668652C798CD1C10524B1ACBBC
                                                                                                                                                                                                                SHA-256:E66B85586B8A4BA86D67EE8B53E4254ADA9898D32C371157C4F26F7A6D7AA061
                                                                                                                                                                                                                SHA-512:DA346FB039E9FF2AA36CD95AD2F52B582FC9486AF91B5804CE15398A597E0CA54C882980027F0A7949B6377F52F69CEC58F65D5F80FE6CDAB527116039065571
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"account_tracker_service_last_update":"13354192323973620","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13354192321228966","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":119},"browser":{"has_seen_welcome_page":false},"countryid_at_install":17224,"dips_timer_last_update":"13354192326219155","domain_diversity":{"last_reporting_timestamp":"13354192323974952"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"119.0.6045.105"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"82150065-9ae7-4911-a46c-10bbdb070fa9"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{}}},"media":{"engagement":{"schema_version":5}},"media_router":{"receiver_id_hash_token":"5kPXggfODDqnUAO22TCzmXVh/4ejsG9MZoqNTWfho1TiemlvofxJjuzykwgYDzVVoSZTeS7ZXLWfjZLTCa+vZQ=="},"ntp":{"num_
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                                                                Entropy (8bit):0.40014189446483467
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:00AF4A50B4E83413600C40BE126B17B1
                                                                                                                                                                                                                SHA1:D6C2AAC58F581C4EA3B45C997A922DD99B2396CD
                                                                                                                                                                                                                SHA-256:95A77058925FC8DC392E2A4CF51D60EE41FFA49967A6E3BD4F34EFE3F0473E0E
                                                                                                                                                                                                                SHA-512:8B95EE2EFCA34EFE82A7E53E3C9EF68B481F174A5545C6A0AF9BB104AB43EF9554E2FB439522D4308886A8B04C9BC912472E82AF1E0964A5CA89906F0C646A02
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                                                                Entropy (8bit):0.02066973132778748
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:1FE2ED441780801247AD9A502C0E9246
                                                                                                                                                                                                                SHA1:AE21D86A9F016678309B1E14A2FC5AA9B37A912C
                                                                                                                                                                                                                SHA-256:B54397CB27681FB815F4392B33D6A035286F12E21C6855F5340431CFF195723C
                                                                                                                                                                                                                SHA-512:D2617A00824E29743EF5B3E8D6140B5D9376B8FD391DABDFB6089B78943986DF4A7225AD359B57A79AC4BFF31B970E3CF1F0BF795D48C6C40108B8528BD9B1AF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:dBase III DBT, next free block index 3238316739, block length 1024
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                Entropy (8bit):0.02654856922914954
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:DD3F98E8621F985B581D56690AFA1B54
                                                                                                                                                                                                                SHA1:164B68B072B51F85285D84E607789D059838529F
                                                                                                                                                                                                                SHA-256:394BBD1BAD3F9DEE05A1C66056FE15D1DAF3BEF218DCF0827B33B179DD565F58
                                                                                                                                                                                                                SHA-512:367D0393428D855C43652A2F96A5DF30CCD01BA9FB82EADC5F57EE8D9CFABC12B3ABF695C84420F60F36646FF73FABC1122694728D3702E1DD8ED6FD9537C171
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1056768
                                                                                                                                                                                                                Entropy (8bit):0.061068543356778374
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:9455654A32F4AE549A4A698B90B71EEC
                                                                                                                                                                                                                SHA1:428F2FDC18BDB8D9920F96E22EBF25D23B3AB155
                                                                                                                                                                                                                SHA-256:98E1954E75A4B9E995CB7FF6BCB6BAEAC95926FF0C493D01817D85A42CD2373F
                                                                                                                                                                                                                SHA-512:4121409A9C7A9916CE17B939BF3F1BC6BA0096D2176D06B55EF1CDC3C7D8D2BC9944CDE2D544A71C30361C3940B548136807D384B45CC308BEF2C9B9D587D358
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4202496
                                                                                                                                                                                                                Entropy (8bit):0.03587441842155375
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:0CC6F8013CBFFF14F91589514D9F932C
                                                                                                                                                                                                                SHA1:C40F7ED06D3ACBCA81BFBFA5CF37E1CF84B02391
                                                                                                                                                                                                                SHA-256:5D8B6D988612905F4369A8B42630A98929E99D197875BFFBE4F535AA825EBD66
                                                                                                                                                                                                                SHA-512:CEAE155362EFAF7FCC6716B7E4799BAAD81E51C215795947A552457A3B34E0C044C0F6F85E37468C10BF9F5A87503A4491BD91998169EA122EDD37964726C79A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):46704
                                                                                                                                                                                                                Entropy (8bit):7.994860687757006
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:30A274CD01B6EEB0B082C918B0697F1E
                                                                                                                                                                                                                SHA1:393311BDE26B99A4AD935FA55BAD1DCE7994388B
                                                                                                                                                                                                                SHA-256:88DF0B5A7BC397DBC13A26BB8B3742CC62CD1C9B0DDED57DA7832416D6F52F42
                                                                                                                                                                                                                SHA-512:C02C5894DFB5FBF47DB7E9EDA5E0843C02E667B32E6C6844262DD5DED92DD95CC72830A336450781167BD21FBFAD35D8E74943C2817BAAC1E4CA34EAAD317777
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):524656
                                                                                                                                                                                                                Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:56031F60D16A9A39298BCF5882F498DA
                                                                                                                                                                                                                SHA1:0894B15F59B1E10FE8DE5BABCB95D23913DBAD31
                                                                                                                                                                                                                SHA-256:F0771BA0F1575AAB52F39F4830EF6FDB58C62E1E0A6A8EF6B4529C974A07EEC1
                                                                                                                                                                                                                SHA-512:F92637FF28CB7F8F3143EF1B9E4F2C1E3F4669F150DBB217526EEE1F8C5715D3A8A60CB0FBE91CDB253BF17D6D5BA8ACE0CAD5B22CC5731234A6ADA410F63E24
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m..................
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                                                Entropy (8bit):2.9138909867280645
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:B313A08AF86C6D9B0A2A3FF2C247BC90
                                                                                                                                                                                                                SHA1:67EF0B71901E087BBD445F8A80D84DC6EC2B667F
                                                                                                                                                                                                                SHA-256:E7287DE2F23B6E401EB627D2BA3DE947DD529240F75568684DAD7A89671B6F26
                                                                                                                                                                                                                SHA-512:567D5D5D54D767F098F7F9628C659B237B64AD97AD814FDDA27501F7DDF80DD4098CC23CD7490ECEC8DC3DA7C7F8D764C3FCC3293C03FFBC7246BE462F20F53B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:(......(oy retne........................l2.1.q/.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                Entropy (8bit):0.48501264914835496
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:488B96461D0C0FA8B982BB166FC27762
                                                                                                                                                                                                                SHA1:8B5E1EFECC6F8BCC7EE3B268DF24617D90F9B8D3
                                                                                                                                                                                                                SHA-256:00609ACD8EB04F3D6D0ED908DC05534118D6B39C72DBA68F657B39CD74E3BB9E
                                                                                                                                                                                                                SHA-512:34E2BF9BC61FE71B36C102D6FBBF34161461FD597435B4E68BBD7465E34A513B7F1688E16073E113EF707F4B2168848A56A510978EDBA76AE696DF00FC55E74B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:6EBFC19277A2135B2AF5DB93B4521F9A
                                                                                                                                                                                                                SHA1:97C99C4AA57F92825A4099C19BDCE37E4F76664E
                                                                                                                                                                                                                SHA-256:A1829E38074EA40223B9193768931A8B252AF48FAB4A76ED675DD42EBECE2A75
                                                                                                                                                                                                                SHA-512:B3C99290F4D38515700D7DC8094509566E890A5EA1E8EFD9FE561659CEF32811AB8D539AE402328C77EAF659AD089969BAFF822301DE41D90E0E4E582E9C1FDA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):76
                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:CC4A8CFF19ABF3DD35D63CFF1503AA5F
                                                                                                                                                                                                                SHA1:52AF41B0D9C78AFCC8E308DB846C2B52A636BE38
                                                                                                                                                                                                                SHA-256:CC5DACF370F324B77B50DDDF5D995FD3C7B7A587CB2F55AC9F24C929D0CD531A
                                                                                                                                                                                                                SHA-512:0E9559CDA992AA2174A7465745884F73B96755008384D21A0685941ACF099C89C8203B13551DE72A87B8E23CDAAE3FA513BC700B38E1BF3B9026955D97920320
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):261
                                                                                                                                                                                                                Entropy (8bit):5.2028775700716805
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:8A7E03AEEDAC8C5EBAD18EB6ECAAC018
                                                                                                                                                                                                                SHA1:5E896E6D7A83A36BDFC7741B2AE600361A365EEC
                                                                                                                                                                                                                SHA-256:50BFAA1783C35737E298A5D2F6BB6099477C85343F2D6F82421ABE39024E2E1E
                                                                                                                                                                                                                SHA-512:8560B1792609EE85D2DBCD6CACA0212438A17DC645BB396FE4476F5F9F062852E4DA322F913744A2007718CB6B89A5570BEA47C50096C7155F957B4A1C29CF94
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/06-10:52:03.734 ffc Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension Rules since it was missing..2024/03/06-10:52:04.348 ffc Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):38
                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:51A2CBB807F5085530DEC18E45CB8569
                                                                                                                                                                                                                SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
                                                                                                                                                                                                                SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
                                                                                                                                                                                                                SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.f.5................f.5...............
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):265
                                                                                                                                                                                                                Entropy (8bit):5.173356652387376
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:05D8168515E5A591EC7F499BDC9A1B12
                                                                                                                                                                                                                SHA1:649779731294EE11E7FB8B3813697FC1AEA151A9
                                                                                                                                                                                                                SHA-256:B99575D377039343C5EEF02BA9B6C19B0D058B6490CFA021A78AB5EDB709782D
                                                                                                                                                                                                                SHA-512:3D67C0494FCF507CB27A36A845249D20F53A958D4C03CA7B4F8B4371A60A7DBC6C8435FDEE9B7DA3A420205B6F0CE9D795022E094783CE2EE6BA3FE0DC37665A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/06-10:52:04.417 ffc Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension Scripts since it was missing..2024/03/06-10:52:04.464 ffc Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):114
                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:891A884B9FA2BFF4519F5F56D2A25D62
                                                                                                                                                                                                                SHA1:B54A3C12EE78510CB269FB1D863047DD8F571DEA
                                                                                                                                                                                                                SHA-256:E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
                                                                                                                                                                                                                SHA-512:CD50C3EE4DFB9C4EC051B20DD1E148A5015457EE0C1A29FFF482E62291B32097B07A069DB62951B32F209FD118FD77A46B8E8CC92DA3EAAE6110735D126A90EE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):261
                                                                                                                                                                                                                Entropy (8bit):5.161768022818612
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:24D0187ABC325FC373C450A33DC4201B
                                                                                                                                                                                                                SHA1:41CC24BBD9729857E3982CB342B39E72F8800094
                                                                                                                                                                                                                SHA-256:853132C61F2C20B3EF523864A387B57F1EA23BE74B85A3D3AE0E984449A1EF2E
                                                                                                                                                                                                                SHA-512:C78DE1B7D36EB15E376C9CAA0FA698EDC1F3D854A5D97EDFE8FEBE2764B753300A0CE193D98139FF951A31B61069C3B503875ADC55408B535EC00CA529FD592C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/06-10:52:04.467 ffc Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension State since it was missing..2024/03/06-10:52:04.480 ffc Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension State/MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                Entropy (8bit):0.6975083372685086
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:F5BBD8449A9C3AB28AC2DE45E9059B01
                                                                                                                                                                                                                SHA1:C569D730853C33234AF2402E69C19E0C057EC165
                                                                                                                                                                                                                SHA-256:825FF36C4431084C76F3D22CE0C75FA321EA680D1F8548706B43E60FCF5B566E
                                                                                                                                                                                                                SHA-512:96ACDED5A51236630A64FAE91B8FA9FAB43E22E0C1BCB80C2DD8D4829E03FBFA75AA6438053599A42EC4BBCF805BF0B1E6DFF9069B2BA182AD0BB30F2542FD3F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:EA1A111A669ADBCC3487B42C61A12AFD
                                                                                                                                                                                                                SHA1:B192C28DB6A59E82802701F447A0FE434349C03C
                                                                                                                                                                                                                SHA-256:8DDC0FDA5574F302B794C61C96A3421246BB463617F2EB05426560C05086620E
                                                                                                                                                                                                                SHA-512:BC4B84DA01BAB3C340E830F1CFCFD37982F915FD0C178B057EC9E61003CA4468870923FBA596140C411A7C47D882D10ABF7DE76CCB3C02979E6CB7E00F3EE4A8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):151668
                                                                                                                                                                                                                Entropy (8bit):1.0550957398929903
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                                                SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                                                SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                                                SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):151668
                                                                                                                                                                                                                Entropy (8bit):1.0550957398929903
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                                                SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                                                SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                                                SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 40, cookie 0x21, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):163840
                                                                                                                                                                                                                Entropy (8bit):0.6076684244860672
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:B829624A2519229DDF121B8DCAF13997
                                                                                                                                                                                                                SHA1:E0D6207BC99388ED36E509206BF8F96B51810522
                                                                                                                                                                                                                SHA-256:28CEC70500227C091321422B2446D3FE9DD95BC2E7B0674B26F6BE96EA4A4D2D
                                                                                                                                                                                                                SHA-512:3D9E4C883F1C02E27F091393D0A4245AD8A288C28DF7CEE2CC77113B19FBA70B521B13D46FCF5A9071FA6C621B5A23BE66E0D0565ADB1CC28ADBBE3C50F30D04
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                Size (bytes):273
                                                                                                                                                                                                                Entropy (8bit):5.20060893630922
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:0D8702C080D0648F0C18FBB599FE5B23
                                                                                                                                                                                                                SHA1:52A1EA4B4903719AD862E4296B71491A1FBB19B1
                                                                                                                                                                                                                SHA-256:D24330A5D97C9421641947F53BBA862AEBE1F996DE6B033EBCD3AE6087364391
                                                                                                                                                                                                                SHA-512:A169BF3ED65775767288428FEB18294E66A9B408B15FC0F5368841083E6F27A337B36B5FD34555BB9BE49219DB59D3607DE9BC62BA7EFCE14CF245AD03CC1DE1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/06-10:52:05.363 e14 Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\Local Storage\leveldb since it was missing..2024/03/06-10:52:05.409 e14 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                Entropy (8bit):0.8553812935198943
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:A1877CA6FEF34566AF96AF105F154DEE
                                                                                                                                                                                                                SHA1:8DF5BEE9F7E2ECE02F854056A3CC1DFDADC7A298
                                                                                                                                                                                                                SHA-256:BA40B8EB55AEAF252FD740BFED6B2C99B057110F9FE1F684C9694EC0B7BD80F0
                                                                                                                                                                                                                SHA-512:D82F9FA88583B07DF5309086056BAB6308304DD4F75F63CA8E769A9938F4FCC8214EFC1F7AAD78DD437121E1E32829E25E0C2259C28CEA385DC0F5A9BA1D9E69
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                                                                Entropy (8bit):0.40293591932113104
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                                                                                                                                                                SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                                                                                                                                                                SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                                                                                                                                                                SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:A1BCF7BF637CC64E444CBBE6B4467C5C
                                                                                                                                                                                                                SHA1:BF4D19094D159673C6BF26AD61EAD8117297E759
                                                                                                                                                                                                                SHA-256:D3D5336E4EA8FA68ED90B4B4C6DC2E9710CE20483B21988D4A928AE5E391502E
                                                                                                                                                                                                                SHA-512:6F5114413C87ED0D0ED7B291EABADF82CE924B66CA3009CDD5EB5180354D23F6EFA91E02E69B20B79717580C2A4618E53BBEC12EF01B3474B9E68B36AE65AA6A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):59
                                                                                                                                                                                                                Entropy (8bit):4.619434150836742
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
                                                                                                                                                                                                                SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
                                                                                                                                                                                                                SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
                                                                                                                                                                                                                SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):59
                                                                                                                                                                                                                Entropy (8bit):4.619434150836742
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
                                                                                                                                                                                                                SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
                                                                                                                                                                                                                SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
                                                                                                                                                                                                                SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                Entropy (8bit):0.7551331045685084
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:CD550EACD32ABED8A21F7BE4F4CBDE2A
                                                                                                                                                                                                                SHA1:FFDA28219ADFB5F9AE29DF1510330F9AE7641883
                                                                                                                                                                                                                SHA-256:5448A589A98D308CCDD7A76E75C4256F10F887AA2F08B63ED51D54A27DDDA948
                                                                                                                                                                                                                SHA-512:ED4D415D75DE65EB0F961A7863BB15679358C93BBAC4B53C2DC3C800D4B91FCA6F101B5C7B07FA3216B94D306CC250C5C9EE99A4FAE5515DD09CD44B11309526
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                Entropy (8bit):0.36515621748816035
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                                                                SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                                                                SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                                                                SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):59
                                                                                                                                                                                                                Entropy (8bit):4.619434150836742
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
                                                                                                                                                                                                                SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
                                                                                                                                                                                                                SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
                                                                                                                                                                                                                SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):974
                                                                                                                                                                                                                Entropy (8bit):5.434065184241939
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:BF2642C1C9714C0039BA1B565663F5DC
                                                                                                                                                                                                                SHA1:261D41DC69D0090829D07AACE5714D240A4CD373
                                                                                                                                                                                                                SHA-256:1726C486F62F3E73ED018C03ABF986BD11FBDAB4C006C06F53AE2749DB8CA782
                                                                                                                                                                                                                SHA-512:175B467CBFD26C4AB8BB4024DC3E7A1F8B0A8B0B84FF6B348165C9E27C49C7344D6F9FC3AC7A1AE01DFC907CC778788D5FD985161CAB01DB2489124E5BB12794
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356784346939615","port":443,"protocol_str":"quic"}],"anonymization":["MAAAACsAAABodHRwczovL29wdGltaXphdGlvbmd1aWRlLXBhLmdvb2dsZWFwaXMuY29tAA==",false],"server":"https://optimizationguide-pa.googleapis.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356784334231157","port":443,"protocol_str":"quic"}],"anonymization":["OAAAADMAAABjaHJvbWUtZXh0ZW5zaW9uOi8vbnBhaW1taGhqY2ZoYmRvZ2RmY21sbGRnZ2xwbGRoYm0A",false],"server":"https://fonts.googleapis.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356784344102387","port":443,"protocol_str":"quic"}],"anonymization":["OAAAADMAAABjaHJvbWUtZXh0ZW5zaW9uOi8vbnBhaW1taGhqY2ZoYmRvZ2RmY21sbGRnZ2xwbGRoYm0A",false],"server":"https://fonts.gstatic.com"}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3844
                                                                                                                                                                                                                Entropy (8bit):4.904775333381023
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:D0542FA127178C2168A53C6476824C92
                                                                                                                                                                                                                SHA1:9DEC52EC18D45C62A2593A22DFB154D745C9C5F1
                                                                                                                                                                                                                SHA-256:6D8BE17BAE7BF294E17248F617A7A58920AB926787D17AF0CA86652011C50865
                                                                                                                                                                                                                SHA-512:0E7EC8A507BD49AE6DB266C4367C54093475DDE12C709C4284D7E63435EC8C2B09697158B84E6A846D50867FF25957C0C6CD00A1F2ECC7A7D303955CDF9F3BDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"account_tracker_service_last_update":"13354192323973620","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13354192321228966","apps":{"shortcuts_arch":"","shortcuts_version":0},"browser":{"has_seen_welcome_page":false},"countryid_at_install":17224,"dips_timer_last_update":"13354192326219155","domain_diversity":{"last_reporting_timestamp":"13354192323974952"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"119.0.6045.105"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"82150065-9ae7-4911-a46c-10bbdb070fa9"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{}}},"media":{"engagement":{"schema_version":5}},"media_router":{"receiver_id_hash_token":"5kPXggfODDqnUAO22TCzmXVh/4ejsG9MZoqNTWfho1TiemlvofxJjuzykwgYDzVVoSZTeS7ZXLWfjZLTCa+vZQ=="},"ntp":{"num_personal_suggestions":1},"optimization_guide":{"previ
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):33
                                                                                                                                                                                                                Entropy (8bit):4.051821770808046
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                                                                                                                                                SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                                                                                                                                                SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                                                                                                                                                SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"preferred_apps":[],"version":1}
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):162
                                                                                                                                                                                                                Entropy (8bit):4.273886413532386
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:44028E0E05F8498268AA16B5D1BF19FF
                                                                                                                                                                                                                SHA1:1C241C407F2903727920B5069C4582F5D33369C8
                                                                                                                                                                                                                SHA-256:2952D4AD35DC8E19F3D10CEFA90B832EB3923B88C472A22F6FD57D4A5CF84E74
                                                                                                                                                                                                                SHA-512:A8F677CFB8EB25A8A8287AB2ADCF72932FF9AEBFC54EACF55034342BFFA10A212C487B11895C005605737569C24800F5EA82AA9A3FDAED10FD084E897A8FF2C4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:nwjs settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through nwjs defined APIs.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4068
                                                                                                                                                                                                                Entropy (8bit):5.518351627825427
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:05297386786A21F70BF3BC8C60A0934B
                                                                                                                                                                                                                SHA1:6948845BA3D25AD585B9E51D97D912791C1A3479
                                                                                                                                                                                                                SHA-256:C4DA2530530F244D11B50BE9DEBFFD6DD1C4443735792DF6D8472DE0E0C30569
                                                                                                                                                                                                                SHA-512:846E48680798A0E26E8FB2D3EC3E0433AB47E4238935A6060693D2888114306D117F60845376D3C23FB14160CB52503FF8A8FF084D0E02F7E8E0E3CEA3110B63
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"extensions":{"settings":{"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":["contentSettings","fileSystem","fileSystem.write","metricsPrivate","tabs","resourcesPrivate","pdfViewerPrivate"],"explicit_host":["chrome://resources/*","chrome://webui-test/*"],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13354192321229935","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13354192321229935","location":5,"manifest":{"content_security_policy":"script-src 'self' 'wasm-eval' blob: filesystem: chrome://resources chrome://webui-test; object-src * blob: externalfile: file: filesystem: data:","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QID
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4068
                                                                                                                                                                                                                Entropy (8bit):5.518351627825427
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:05297386786A21F70BF3BC8C60A0934B
                                                                                                                                                                                                                SHA1:6948845BA3D25AD585B9E51D97D912791C1A3479
                                                                                                                                                                                                                SHA-256:C4DA2530530F244D11B50BE9DEBFFD6DD1C4443735792DF6D8472DE0E0C30569
                                                                                                                                                                                                                SHA-512:846E48680798A0E26E8FB2D3EC3E0433AB47E4238935A6060693D2888114306D117F60845376D3C23FB14160CB52503FF8A8FF084D0E02F7E8E0E3CEA3110B63
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"extensions":{"settings":{"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":["contentSettings","fileSystem","fileSystem.write","metricsPrivate","tabs","resourcesPrivate","pdfViewerPrivate"],"explicit_host":["chrome://resources/*","chrome://webui-test/*"],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13354192321229935","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13354192321229935","location":5,"manifest":{"content_security_policy":"script-src 'self' 'wasm-eval' blob: filesystem: chrome://resources chrome://webui-test; object-src * blob: externalfile: file: filesystem: data:","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QID
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3075
                                                                                                                                                                                                                Entropy (8bit):4.1345523261418515
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:92E8700A08601B46CF0C8C5B5D2BBE2A
                                                                                                                                                                                                                SHA1:07C55AB833587F6EE17DF26DDC2655141D1F825C
                                                                                                                                                                                                                SHA-256:D4037E1217A2E3A412C4A8EBCF31084CA0EE3C23C730B53F96EA4A1E9D8E9958
                                                                                                                                                                                                                SHA-512:C4C17F93E49505DCD4A7D8A88908E344DB22989E8B49C783EAA5F550233887746670D3E2A3819B9A1578D28A84B2E4783F17E8D294F1A3738E7F072CDB574534
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SNSS.......M..@....5..0...M..@&..._nwjs_npaimmhhjcfhbdogdfcmlldgglpldhbm.........M..@...... M..@.......N..@.......N..@....!..N..@...............................M..@N..@1..,...N..@$...2120ad24_c5b3_4e30_b954_4dc4fa816ebb...M..@.......N..@......52.q/.......N..@...........N..@....>...chrome-extension://npaimmhhjcfhbdogdfcmlldgglpldhbm/index.html..............!.......................................................................................................6WR.....7WR.....P.......h...............`...........................................................>...c.h.r.o.m.e.-.e.x.t.e.n.s.i.o.n.:././.n.p.a.i.m.m.h.h.j.c.f.h.b.d.o.g.d.f.c.m.l.l.d.g.g.l.p.l.d.h.b.m./.i.n.d.e.x...h.t.m.l.....................................8.......0.......8....................................................................... .......................................................P...$...e.1.3.e.d.5.c.7.-.b.c.a.5.-.4.4.4.e.-.9.6.6.3.-.2.1.8.d.f.6.6.a.5.5.d.1.................P...$...3.7.9.9.d.1.8.7.-.d.f.f.c.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m..................
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                                                Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:60191B547E58CEFE8A9DDCDF5E5007A4
                                                                                                                                                                                                                SHA1:463213D3659AFE0E52F0152740F79044035BC5AA
                                                                                                                                                                                                                SHA-256:AC60EB75873B9FE63314F490153C6781627D02FC89887B5F0935D64D93C0F9A1
                                                                                                                                                                                                                SHA-512:6791DDB7B923943265CDDDEAE4D7CCB949FC294208333F5F45FA0905DB2A459A16D48D44F4B8E6B8C1F2F5F01DFF922DD4BBF2825505AB65E021BE24C8B676D4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:(....:j.oy retne...........................1.q/.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                                                Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:60191B547E58CEFE8A9DDCDF5E5007A4
                                                                                                                                                                                                                SHA1:463213D3659AFE0E52F0152740F79044035BC5AA
                                                                                                                                                                                                                SHA-256:AC60EB75873B9FE63314F490153C6781627D02FC89887B5F0935D64D93C0F9A1
                                                                                                                                                                                                                SHA-512:6791DDB7B923943265CDDDEAE4D7CCB949FC294208333F5F45FA0905DB2A459A16D48D44F4B8E6B8C1F2F5F01DFF922DD4BBF2825505AB65E021BE24C8B676D4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:(....:j.oy retne...........................1.q/.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 11, cookie 0x8, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                                                                Entropy (8bit):0.40813221339801603
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:7C86C0A51A889FEF2886135262FBB1ED
                                                                                                                                                                                                                SHA1:C19182B0AE7F8CDDCC5F835EB01C93C4B5A7BE8E
                                                                                                                                                                                                                SHA-256:E8E1A6894109AF2955E1C6DE54921452C926058576CEF56AE654A357404FCBD9
                                                                                                                                                                                                                SHA-512:0A9580D95CFF5F6E9C16651331BBA41FD7CAB2AAAE027B69498763F25CF6DF91E0E527A2735566A92D63C63CE62E2069B1760C241A11C07F904C84071121F352
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                Entropy (8bit):3.473726825238924
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:148079685E25097536785F4536AF014B
                                                                                                                                                                                                                SHA1:C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
                                                                                                                                                                                                                SHA-256:F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
                                                                                                                                                                                                                SHA-512:C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.On.!................database_metadata.1
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):291
                                                                                                                                                                                                                Entropy (8bit):5.08567074623668
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:939D03E01475C71BC17523FEA912B83D
                                                                                                                                                                                                                SHA1:2936E75585EDF51741A6C7D3773B4BCAF15A8C5F
                                                                                                                                                                                                                SHA-256:F077719827B63DF8B9A3D218E9B5D0E4949843826EED24115451564BFBBC754D
                                                                                                                                                                                                                SHA-512:81CBA2E4EEEEF82A4147596F4FB8D7DEA240CA032194C63CE95CDBAE2FD55244CA543BFC64AEFA351CA107CE0DB754635071823CF589DDC05F6B943F4BC6AA97
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/06-10:52:03.704 1f0c Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\Site Characteristics Database since it was missing..2024/03/06-10:52:04.341 1f0c Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Site Characteristics Database/MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):46
                                                                                                                                                                                                                Entropy (8bit):4.019797536844534
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:90881C9C26F29FCA29815A08BA858544
                                                                                                                                                                                                                SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
                                                                                                                                                                                                                SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
                                                                                                                                                                                                                SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...n'................_mts_schema_descriptor...
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):267
                                                                                                                                                                                                                Entropy (8bit):5.185584870662532
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:C9BCC2AB9BF7A38FC0F36828160BB3EF
                                                                                                                                                                                                                SHA1:D0A93367D393BA5B7B65DD332E8FFFA34429F7A5
                                                                                                                                                                                                                SHA-256:39BAEEF7B8836029B520295FF926BD58CADB77D1B2FB5E611F317566A5F5AA13
                                                                                                                                                                                                                SHA-512:9DC089FA3A169E8409CD161A2754B1ADCD3CE9E7DF28C194C1DCDBFC74DEA58093BD93766188825BC04C0DF693CC538557D1FC533D56D248244A97682930FF5B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/06-10:52:03.721 1404 Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\Sync Data\LevelDB since it was missing..2024/03/06-10:52:04.347 1404 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                Entropy (8bit):0.375597039055199
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:8C7D45D642EABC72A37E8C4D1ABAD65E
                                                                                                                                                                                                                SHA1:BFFA29FD9A30F53336F987FEC4CDF0788ABE20C1
                                                                                                                                                                                                                SHA-256:270E8A34810ED611D970F37CF72528AAF45456718F50D4077889637374685A84
                                                                                                                                                                                                                SHA-512:28C2BF727A15D11DBEC3C54CF1A7CCAF1ED59C4DC52914D73DF93E5F496C267922AA866B99F06BA295EC7C75084EA6632C0E2C2CDB0474281559EC152A670407
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):131072
                                                                                                                                                                                                                Entropy (8bit):0.004456791727617393
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:9DCC10766772FEAF0C13575A9ABFD410
                                                                                                                                                                                                                SHA1:C0E8B627D5877FCA7B737BF486ECDA4F3ABD9CCA
                                                                                                                                                                                                                SHA-256:1279F31BE8533435FD39F016E7706CAC7E0506FBC3832F10BE1526C7359B1922
                                                                                                                                                                                                                SHA-512:21E1958712D1413B89CA46310813D1EFD74305BD44DBC6D46600B75C78B8BCF7E18CD012A5D93548348835CD0086842828EC02B2420678447B0B295943579B64
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:MS Windows icon resource - 9 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):28134
                                                                                                                                                                                                                Entropy (8bit):4.6192880827651255
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:7649A1AD4DAB9AF22FB0DC10A3387AC3
                                                                                                                                                                                                                SHA1:80505EB7619536E8AA806AE38A82F26671FF4E16
                                                                                                                                                                                                                SHA-256:4BB154D3011F21F0032B2657AD61C49A0954C26AB5BAEF20469D986681A8FF50
                                                                                                                                                                                                                SHA-512:6432268B7A2431F385E2465FA9E4F9DFC81F3F912521BC498158EA6C5DE4746EF46E1CB766D63B6930BC7FBD2F90B71193A0A1C205FE5BB81EC8DC4C4C26EB96
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.875
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:C8EB2C4BEC8226D567DBE9DFB508DA7C
                                                                                                                                                                                                                SHA1:B4089FB427D35068F8824AC78867FFAACA200DBE
                                                                                                                                                                                                                SHA-256:768E68A4AD1333A64352F7199CBB54C5F797E70E4ACCDB86829EB98272603A23
                                                                                                                                                                                                                SHA-512:5CBFE5915112A6DD803A63F42A34643A524FF7F3E7D8299636BA25F83228B7CECCDCADE9B82D0E2E5D9A96A401B857DE2B25F2468D8C418F577764F3BD02D688
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...b......Yt=W..
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:MS Windows icon resource - 9 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):28134
                                                                                                                                                                                                                Entropy (8bit):4.6192880827651255
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:7649A1AD4DAB9AF22FB0DC10A3387AC3
                                                                                                                                                                                                                SHA1:80505EB7619536E8AA806AE38A82F26671FF4E16
                                                                                                                                                                                                                SHA-256:4BB154D3011F21F0032B2657AD61C49A0954C26AB5BAEF20469D986681A8FF50
                                                                                                                                                                                                                SHA-512:6432268B7A2431F385E2465FA9E4F9DFC81F3F912521BC498158EA6C5DE4746EF46E1CB766D63B6930BC7FBD2F90B71193A0A1C205FE5BB81EC8DC4C4C26EB96
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 55, cookie 0x22, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):112640
                                                                                                                                                                                                                Entropy (8bit):1.1263272074545
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:3CE4A1DD35C689BB7C6749D9456BF4C3
                                                                                                                                                                                                                SHA1:56C246CBA79885F683021C8DDE23A72472FA66FC
                                                                                                                                                                                                                SHA-256:044F412FA691D891299003FB22E1F4992C4B17475CDB0F79F11E258C9BEBE468
                                                                                                                                                                                                                SHA-512:22C3C475DCCB416D966FAFF17EE02816D277BFFDB54EAC01B6F5D9D0A0952A6DBAB7CD37A0391284EADBD8B7DE8A0B9BF71DDEABA1777FD162712844D16B4F06
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                Entropy (8bit):0.41235120905181716
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                                                                                                                                                SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                                                                                                                                                SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                                                                                                                                                SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4068
                                                                                                                                                                                                                Entropy (8bit):5.518351627825427
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:05297386786A21F70BF3BC8C60A0934B
                                                                                                                                                                                                                SHA1:6948845BA3D25AD585B9E51D97D912791C1A3479
                                                                                                                                                                                                                SHA-256:C4DA2530530F244D11B50BE9DEBFFD6DD1C4443735792DF6D8472DE0E0C30569
                                                                                                                                                                                                                SHA-512:846E48680798A0E26E8FB2D3EC3E0433AB47E4238935A6060693D2888114306D117F60845376D3C23FB14160CB52503FF8A8FF084D0E02F7E8E0E3CEA3110B63
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"extensions":{"settings":{"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":["contentSettings","fileSystem","fileSystem.write","metricsPrivate","tabs","resourcesPrivate","pdfViewerPrivate"],"explicit_host":["chrome://resources/*","chrome://webui-test/*"],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13354192321229935","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13354192321229935","location":5,"manifest":{"content_security_policy":"script-src 'self' 'wasm-eval' blob: filesystem: chrome://resources chrome://webui-test; object-src * blob: externalfile: file: filesystem: data:","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QID
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                                Entropy (8bit):0.35226517389931394
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                                                                                                                                                                SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                                                                                                                                                                SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                                                                                                                                                                SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):5622
                                                                                                                                                                                                                Entropy (8bit):6.558786847336833
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:B5CB37BEA212B818103D8D148075E896
                                                                                                                                                                                                                SHA1:06BECD10814873B9477B448945D679F3A83E35AE
                                                                                                                                                                                                                SHA-256:C1F03E640F172AAD99E45FB8FE143FAE077107F6B8E789EA9B15E96EB64E8D58
                                                                                                                                                                                                                SHA-512:B9C559846CD6F74825012BAF956058389D33B7364DE560728810D73EC25789F2CD26DD4324C881A39F2C41923F140AD50DA604C6F01F4A493A8D9F4F59B5651C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:A..r.................20_1_1...1..F.................n...................37_DEFAULT_16v...h.... .(.0.R*.(....Session.TotalDuration.T<.A..GO .(.0.../.'.%....?..ChromeLowUserEngagement..Other...... .(...10..IF..................37_DEFAULT_21........... .(.0.RZ.X...CCommerce.PriceDrops.ActiveTabNavigationComplete.IsProductDetailPage.w.cG$.. .(.0.8.R9.7...$Autofill_PolledCreditCardSuggestions...c..vP. .(.0...$........?..ShoppingUser..Other...... .(...10..S4..................37_DEFAULT_23........... .(.0.RH.F...1Omnibox.SuggestionUsed.ClientSummarizedResultType.q/.v.g:` .(.0.8.h...8.0........?..Low......@..Medium......A..High..None...... .(...10..K.E.................37_DEFAULT_27........... .(.0.R=.;...."%..wait_for_device_info_in_seconds..60*.SyncDeviceInfoh.p...t.r.p....AndroidPhone..IosPhoneChrome..AndroidTablet..IosTablet..Desktop..Other..SyncedAndFirstDevice..NotSynced....= .(...10.X.fo6................37_DEFAULT_1001............ .(.0.R+.)....Sync.DeviceCount2..|u3.. .(.0.E....R1./
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):261
                                                                                                                                                                                                                Entropy (8bit):5.279951843740671
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:FE8ADD259FF74C475CBA1AC6A545A35E
                                                                                                                                                                                                                SHA1:51EA4FBD7CA281AE7010D64BF967EE3143A715C1
                                                                                                                                                                                                                SHA-256:144434179241EC566C38C985FFBB6DA95E8C23E3F7EB6C6D22BDA6F4A4AE8BDB
                                                                                                                                                                                                                SHA-512:63FE6860890F4405AC229EDDCDBBA77F27D0EE2DEF0D6D09C1AD38965387CE641EEF22C74B90B4584FCB8114A85385DB206A142ECD8A4D3661B62ACA31268401
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/06-10:52:04.418 7c0 Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\shared_proto_db since it was missing..2024/03/06-10:52:04.483 7c0 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):932
                                                                                                                                                                                                                Entropy (8bit):3.9322696070412806
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:AE6317726EE9CC45B852AF545678E447
                                                                                                                                                                                                                SHA1:3697BEA5BF8E9A37D0A695E36FF7C31F90C40F8B
                                                                                                                                                                                                                SHA-256:0E5F64974B94ED38BBFCFDEF884064F786E69091DC3CAC8A24FF875C7DE75F7E
                                                                                                                                                                                                                SHA-512:3D30F12DFF467F8436A0018E939C81F8654446C1F6AB9FA4FD44DAD9269418398574EDC28FC6F25D30836176E7315E13DD6AAF8C7DBA16478AB0E4FED32E2F5E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.h.6.................__global... .t...................__global... ...w.................44_.....a....................48_........?.................33_........[.................49_.......Z..................44_......./..................48_......7]..................33_.....o8p..................49_......x...................41_......5[r.................41_........_.................20_.....xS\}.................20_.....7..L.................19_..........................37_.....9 '<.................38_........J.................39_.......?..................3_......r+..................4_..........................20_.....v.3..................20_.....9....................19_.......}..................37_.....1.Q.................38_........3.................39_........J.................3_.....8....................4_..........................21_.....O.(..................21_......[...................9_........... .............9_.....
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):279
                                                                                                                                                                                                                Entropy (8bit):5.220733975586655
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:2C8772F99140CA7045E4935AB6396B8B
                                                                                                                                                                                                                SHA1:8AAD9F508D0EC9D611AC65B2483A46C41BAE5942
                                                                                                                                                                                                                SHA-256:8E439734885BE1BA40453B55775F4210852DA0C5827997E2AA6FED9C588ED294
                                                                                                                                                                                                                SHA-512:5C3359FF76E3EB2F7B60583010ECE8F9B77B87492258D3C6677E5BCAF3DF96C4887C2B5B14B4786466C550765092BCBB4F0D8130ED518EDAA7AD7CA1C880B16B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/06-10:52:04.035 7c0 Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\shared_proto_db\metadata since it was missing..2024/03/06-10:52:04.366 7c0 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:53DEC87356468AE83D295F338D9AB0EA
                                                                                                                                                                                                                SHA1:D62E03F4539D01213E3E9B9546B6E9A6B383F751
                                                                                                                                                                                                                SHA-256:E1C43A2E27A97FA3E39C1A05DC47EEE3D06B28E6069E5E5E01BF78ABA41C4EDE
                                                                                                                                                                                                                SHA-512:3E41B57A2880425E3E5B613E84BE6F05497D9EA5F4AF825D40496FC614E78F0B85E3B04A64F7F4B17B985ADA78544D9F37646A9EFCCC38331B2BABE94EAE7DFC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:F8E9068651FD8EDACB0A77C808DA1585
                                                                                                                                                                                                                SHA1:AF4A0631C739E4EBD12719A5B782F877FA63F144
                                                                                                                                                                                                                SHA-256:541E91B85A4C36B750509BA1F752F5962479553F9E6905AE9647D019BE47A191
                                                                                                                                                                                                                SHA-512:81E6907FAE20611554ADF00E887ADB82F1D59B322FB768CD36B48404B91F47BCA17408E637BEF556196CCFDE75178567D9F7BA1FE87A13E0C90723897A92527D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):80
                                                                                                                                                                                                                Entropy (8bit):3.267091859889593
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:A53422B82D0B8F8E25E193BF62452674
                                                                                                                                                                                                                SHA1:66D47426A865A6F2E2D1BBEA6A9832C0872EF17F
                                                                                                                                                                                                                SHA-256:3687983DC312C0426D92B2094540DA529249D5B8C23E7A25154BF42EFED754AD
                                                                                                                                                                                                                SHA-512:2C9B0A9AD46930DB253476CD363A0633752C7DED10970A2985C681B019E1F6FE764755D6F1A904FB7820A959C39B9B4B0E0632FA1CE839E930FA144197096AC8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.\.n.w.j.s.\.n.w...e.x.e.
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):14
                                                                                                                                                                                                                Entropy (8bit):2.6455933144511468
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:7FBACBA300F2A4D7D19A510D7DA4CF3F
                                                                                                                                                                                                                SHA1:82A371D323A11C7195567F77036214AC315BC2C4
                                                                                                                                                                                                                SHA-256:685029F648BEBC43B71E8DF8944A7BFDBAAF4F6535BC08BD791650339663E214
                                                                                                                                                                                                                SHA-512:2FD2ECAA4CD537925636D05EA53CE52030AD2ABC61F99913A8E4D64FE377E8177C291ED92E572CB94B44CCFCF96022528A7F55B1BB01A6F0C3F6285EA6BAB1A0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:119.0.6045.105
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):868
                                                                                                                                                                                                                Entropy (8bit):5.673076501713001
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:F5C959F46891401E57122CA79AAD4848
                                                                                                                                                                                                                SHA1:4EA8EB9B0F0653F571492D5D9D3E3008641A2CD6
                                                                                                                                                                                                                SHA-256:3EFCB7F77E7C9A346527F3B15BE6EB4AA193E478F719D5BBBD3B8389B67565D6
                                                                                                                                                                                                                SHA-512:2157E57D37470562C473A567DC35FA06F5C892126FC65F8B605C54A64BDBEB62329C47B1F36F2183A1AAAE4C867320EDF5C4C4BEBDECE91A7C26E8D603EF8C10
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAD/vb0OX7ktSZL6rQc16hasEAAAAAoAAABuAHcAagBzAAAAEGYAAAABAAAgAAAAMxnDcXURAHIpAoUIKXu+8/47j5vQDM0Cu3AbvRwypDsAAAAADoAAAAACAAAgAAAA6GdsVsL6RbjZsuBVUZNJgDBHdjpUymYvSsz0rT8kaeEwAAAAmvdkn+5vuRTidis39zZZQ7b/ks8S4UTeWpuN4sPA6qGKYeGKWkPkrp5R4osVDiB2QAAAAALPYrkrEvSM78rvkHoHH+/7vPRudlBEvUlJiCClqX7+PkuCYA9itdgN572KepO+V84dYIGBQOlu79ZrZn0N6b8="},"profile":{"info_cache":{},"profile_counts_reported":"13354192320725531","profiles_order":[]},"uninstall_metrics":{"installation_date2":"1709718720"},"user_experience_metrics":{"low_entropy_source3":4742,"pseudo_low_entropy_source":6514,"stability":{"browser_last_live_timestamp":"13354192320646185","stats_buildtime":"1683435600","stats_version":"119.0.6045.105-64-devel","system_crash_count":0}}}
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:38995B36B4A8C625659BFD729C25B63F
                                                                                                                                                                                                                SHA1:81973D9B0B03102BFE673440D843E58DDC70761B
                                                                                                                                                                                                                SHA-256:B78D74CBDF03DE9FE5B52E088DE7E013788B2A67ABA8E9CC2F3D81F8FBC0DAAB
                                                                                                                                                                                                                SHA-512:F877C3432D96F18A3557AE893AEEA2446CF0CF68B208F7EBD91682539D9D23C542FC3072871AD314E4306B0C9BF611CC3031C35B0B2E9DC66EBB568B78169376
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):86
                                                                                                                                                                                                                Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:961E3604F228B0D10541EBF921500C86
                                                                                                                                                                                                                SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                                                                                                                                                                                SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                                                                                                                                                                                SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):868
                                                                                                                                                                                                                Entropy (8bit):5.673076501713001
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:F5C959F46891401E57122CA79AAD4848
                                                                                                                                                                                                                SHA1:4EA8EB9B0F0653F571492D5D9D3E3008641A2CD6
                                                                                                                                                                                                                SHA-256:3EFCB7F77E7C9A346527F3B15BE6EB4AA193E478F719D5BBBD3B8389B67565D6
                                                                                                                                                                                                                SHA-512:2157E57D37470562C473A567DC35FA06F5C892126FC65F8B605C54A64BDBEB62329C47B1F36F2183A1AAAE4C867320EDF5C4C4BEBDECE91A7C26E8D603EF8C10
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAD/vb0OX7ktSZL6rQc16hasEAAAAAoAAABuAHcAagBzAAAAEGYAAAABAAAgAAAAMxnDcXURAHIpAoUIKXu+8/47j5vQDM0Cu3AbvRwypDsAAAAADoAAAAACAAAgAAAA6GdsVsL6RbjZsuBVUZNJgDBHdjpUymYvSsz0rT8kaeEwAAAAmvdkn+5vuRTidis39zZZQ7b/ks8S4UTeWpuN4sPA6qGKYeGKWkPkrp5R4osVDiB2QAAAAALPYrkrEvSM78rvkHoHH+/7vPRudlBEvUlJiCClqX7+PkuCYA9itdgN572KepO+V84dYIGBQOlu79ZrZn0N6b8="},"profile":{"info_cache":{},"profile_counts_reported":"13354192320725531","profiles_order":[]},"uninstall_metrics":{"installation_date2":"1709718720"},"user_experience_metrics":{"low_entropy_source3":4742,"pseudo_low_entropy_source":6514,"stability":{"browser_last_live_timestamp":"13354192320646185","stats_buildtime":"1683435600","stats_version":"119.0.6045.105-64-devel","system_crash_count":0}}}
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2737
                                                                                                                                                                                                                Entropy (8bit):5.629977337903751
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:4618C6D27FB638E1EBC70F03C4B9919B
                                                                                                                                                                                                                SHA1:57B3688390F6663F81DDC306C86BB505E69E0EB2
                                                                                                                                                                                                                SHA-256:36E39F76A0A7B6BEE4561A9BA167D1D007F6A5113D89DEAA12C5A5F56FE92478
                                                                                                                                                                                                                SHA-512:AC7D0CB1618D2E1D1677562F51E1137055A08081CE38B917520535383E2E8C6C2FB9A358C10BC5F1F58C13DA44C749E75179B95E353E8754F6D0107F0CDE375A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"browser":{"shortcut_migration_version":"119.0.6045.105"},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAD/vb0OX7ktSZL6rQc16hasEAAAAAoAAABuAHcAagBzAAAAEGYAAAABAAAgAAAAMxnDcXURAHIpAoUIKXu+8/47j5vQDM0Cu3AbvRwypDsAAAAADoAAAAACAAAgAAAA6GdsVsL6RbjZsuBVUZNJgDBHdjpUymYvSsz0rT8kaeEwAAAAmvdkn+5vuRTidis39zZZQ7b/ks8S4UTeWpuN4sPA6qGKYeGKWkPkrp5R4osVDiB2QAAAAALPYrkrEvSM78rvkHoHH+/7vPRudlBEvUlJiCClqX7+PkuCYA9itdgN572KepO+V84dYIGBQOlu79ZrZn0N6b8="},"policy":{"last_statistics_update":"13354192320805388"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"force_signin_profile_locked":false,"gaia_id":"","is_consented_primary_account":false,"is_ephemeral":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_i
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2828
                                                                                                                                                                                                                Entropy (8bit):5.622657357534324
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:CCEA75DFEA511D73F6A295206377237A
                                                                                                                                                                                                                SHA1:D7B9C3B3E4324B1E0FC446A5F7865FCD0282AE60
                                                                                                                                                                                                                SHA-256:5A66A70A0C4D0513D8B102F6894937475915253E585E8BB91789056E6307FA14
                                                                                                                                                                                                                SHA-512:CCF69725F488424FAB7D81B9EC6A17E9CF814C20536E8433A80355543A449AA836CD631ECEC2147B302EEC71F6199E68C2369956E3E805F657A85C196DDC8A9C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"browser":{"shortcut_migration_version":"119.0.6045.105"},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAD/vb0OX7ktSZL6rQc16hasEAAAAAoAAABuAHcAagBzAAAAEGYAAAABAAAgAAAAMxnDcXURAHIpAoUIKXu+8/47j5vQDM0Cu3AbvRwypDsAAAAADoAAAAACAAAgAAAA6GdsVsL6RbjZsuBVUZNJgDBHdjpUymYvSsz0rT8kaeEwAAAAmvdkn+5vuRTidis39zZZQ7b/ks8S4UTeWpuN4sPA6qGKYeGKWkPkrp5R4osVDiB2QAAAAALPYrkrEvSM78rvkHoHH+/7vPRudlBEvUlJiCClqX7+PkuCYA9itdgN572KepO+V84dYIGBQOlu79ZrZn0N6b8="},"policy":{"last_statistics_update":"13354192320805388"},"profile":{"info_cache":{"Default":{"active_time":1709718747.553113,"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"force_signin_profile_locked":false,"gaia_id":"","is_consented_primary_account":false,"is_ephemeral":false,"is_using_default_avatar":true,"is_using_de
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 7, cookie 0x6, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                Entropy (8bit):0.35721947592478775
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:CF7B71E1F446640439290AAD6A36394F
                                                                                                                                                                                                                SHA1:3B9BFB524A8A82980E72DF39872AE77363CC9F85
                                                                                                                                                                                                                SHA-256:3B8B5249AF39D78D22B02D9E0E4DC26266086BBB77CAADBF28F1E38E8944691D
                                                                                                                                                                                                                SHA-512:C1707F678A11F0E3DED6D0634506554AC3E19D82A839991E1EDEE41BC70A0A6164F4AF4DE325B18E2BCB22C6C0CE21F62B6497FC54FCEBF0409FBF986519B84E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                File Type:PNG image data, 752 x 234, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                Size (bytes):766433
                                                                                                                                                                                                                Entropy (8bit):7.998144724333749
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:A4EA5E955BD3B5FA5828259306DCFA27
                                                                                                                                                                                                                SHA1:860BFCD98B80D04BA234D6C49122DE4C75EFF729
                                                                                                                                                                                                                SHA-256:7B401DE8AA12A196C281EBB2105ED4D3955C7C85356B38826594514736312FC9
                                                                                                                                                                                                                SHA-512:F2D91135C4F6E88F8B5004E90D1CBA670AC038BA74B0E57C92328A4B4B214502E57BBF125FB353B1E8A9E43FE4B942FE1127891EA2B03DB59A8475BAF5E9A09E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Fast!\fast!.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                Size (bytes):25600000
                                                                                                                                                                                                                Entropy (8bit):2.1356396463632663
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:1492FBBA6D20809E4D0858576691329A
                                                                                                                                                                                                                SHA1:9D8819E052EA4A84A728D7E4BB13CF4B47858D71
                                                                                                                                                                                                                SHA-256:78AF5CA00A02EFE680D394FFF6596444A126ACD94276671747D24D29771EC6A2
                                                                                                                                                                                                                SHA-512:2B3C6DD8820B470AB744BC4DBBF41861F8E91305DCC936E2950C0EF80335B8A5C0F34BDE3B8BE5174ADC77ACF743B9910E9E651C6977DB83D88D4E38B310F848
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                                                Entropy (8bit):3.679447058913102
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:A1B9BDEE9FC87D11676605BD79037646
                                                                                                                                                                                                                SHA1:8D6879F63048EB93B9657D0B78F534869D1FFF64
                                                                                                                                                                                                                SHA-256:39E3108E0A4CCFB9FE4D8CAF4FB40BAA39BDD797F3A4C1FA886086226E00F465
                                                                                                                                                                                                                SHA-512:CD65D18ECA885807C7C810286CEBEF75555D13889A4847BB30DC1A08D8948893899CC411728097641A8C07A8DCC59E1C1EFA0E860E93DADA871D5B7ACC61B1E5
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                Entropy (8bit):5.814115788739565
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                                                SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                                                SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                                                SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):39424
                                                                                                                                                                                                                Entropy (8bit):4.684597989866362
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:A35CDC9CF1D17216C0AB8C5282488EAD
                                                                                                                                                                                                                SHA1:ED8E8091A924343AD8791D85E2733C14839F0D36
                                                                                                                                                                                                                SHA-256:A793929232AFB78B1C5B2F45D82094098BCF01523159FAD1032147D8D5F9C4DF
                                                                                                                                                                                                                SHA-512:0F15B00D0BF2AABD194302E599D69962147B4B3EF99E5A5F8D5797A7A56FD75DD9DB0A667CFBA9C758E6F0DAB9CED126A9B43948935FE37FC31D96278A842BDF
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                                                File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):26494
                                                                                                                                                                                                                Entropy (8bit):1.9568109962493656
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                                                                                                                SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                                                                                                                SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                                                                                                                SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):9728
                                                                                                                                                                                                                Entropy (8bit):5.158136237602734
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:6C3F8C94D0727894D706940A8A980543
                                                                                                                                                                                                                SHA1:0D1BCAD901BE377F38D579AAFC0C41C0EF8DCEFD
                                                                                                                                                                                                                SHA-256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
                                                                                                                                                                                                                SHA-512:2094F0E4BB7C806A5FF27F83A1D572A5512D979EEFDA3345BAFF27D2C89E828F68466D08C3CA250DA11B01FC0407A21743037C25E94FBE688566DD7DEAEBD355
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):24064
                                                                                                                                                                                                                Entropy (8bit):5.819708895488079
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:F4D89D9A2A3E2F164AEA3E93864905C9
                                                                                                                                                                                                                SHA1:4D4E05EE5E4E77A0631A3DD064C171BA2E227D4A
                                                                                                                                                                                                                SHA-256:64B3EFDF3DE54E338D4DB96B549A7BDB7237BB88A82A0A63AEF570327A78A6FB
                                                                                                                                                                                                                SHA-512:DBDA3FE7CA22C23D2D0F2A5D9D415A96112E2965081582C7A42C139A55C5D861A27F0BD919504DE4F82C59CF7D1B97F95ED5A55E87D574635AFDB7EB2D8CADF2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1110016
                                                                                                                                                                                                                Entropy (8bit):6.62382554711905
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:7B89329C6D8693FB2F6A4330100490A0
                                                                                                                                                                                                                SHA1:851B605CDC1C390C4244DB56659B6B9AA8ABD22C
                                                                                                                                                                                                                SHA-256:1620CDF739F459D1D83411F93648F29DCF947A910CC761E85AC79A69639D127D
                                                                                                                                                                                                                SHA-512:AC07972987EE610A677EA049A8EC521A720F7352D8B93411A95FD4B35EC29BFD1D6CCF55B48F32CC84C3DCEEF05855F723A88708EB4CF23CAEC77E7F6596786A
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                Entropy (8bit):5.814115788739565
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                                                SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                                                SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                                                SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):39424
                                                                                                                                                                                                                Entropy (8bit):4.684597989866362
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:A35CDC9CF1D17216C0AB8C5282488EAD
                                                                                                                                                                                                                SHA1:ED8E8091A924343AD8791D85E2733C14839F0D36
                                                                                                                                                                                                                SHA-256:A793929232AFB78B1C5B2F45D82094098BCF01523159FAD1032147D8D5F9C4DF
                                                                                                                                                                                                                SHA-512:0F15B00D0BF2AABD194302E599D69962147B4B3EF99E5A5F8D5797A7A56FD75DD9DB0A667CFBA9C758E6F0DAB9CED126A9B43948935FE37FC31D96278A842BDF
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):7168
                                                                                                                                                                                                                Entropy (8bit):5.298362543684714
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:675C4948E1EFC929EDCABFE67148EDDD
                                                                                                                                                                                                                SHA1:F5BDD2C4329ED2732ECFE3423C3CC482606EB28E
                                                                                                                                                                                                                SHA-256:1076CA39C449ED1A968021B76EF31F22A5692DFAFEEA29460E8D970A63C59906
                                                                                                                                                                                                                SHA-512:61737021F86F54279D0A4E35DB0D0808E9A55D89784A31D597F2E4B65B7BBEEC99AA6C79D65258259130EEDA2E5B2820F4F1247777A3010F2DC53E30C612A683
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Feb 27 08:59:24 2024, mtime=Wed Mar 6 08:51:55 2024, atime=Tue Feb 27 08:59:24 2024, length=769872, window=hide
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1938
                                                                                                                                                                                                                Entropy (8bit):3.2216515911219026
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:BA1A98CDE225C8B60D679F0F6CEA387C
                                                                                                                                                                                                                SHA1:F4687B30AE0455B99C3E2102ED9C5866282FD50E
                                                                                                                                                                                                                SHA-256:19E1CE93260515404557EF65AB0C3E033294D6C1A6B17F2E4E6E613301AD3E12
                                                                                                                                                                                                                SHA-512:8025B3EF0DE754FE51C27E78FDB56D1EF9F98B2634E8C10EC91191AF80E0D09710DB8124047C014893D4D26EEB1758063C0E18050EE24D32A9ABAFA1FC5A35CB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:L..................F.@.. ....fL.ci..E...o...fL.ci..P.......................s....P.O. .:i.....+00.../C:\.....................1.....fX\N..PROGRA~2.........O.IfXiN....................V......5j.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....P.1.....fX|N..Fast!.<......fX\NfX|N....D.....................m)..F.a.s.t.!.....\.2.P...[XlO .fast!.exe.D......[XlOfXvN..............................f.a.s.t.!...e.x.e.......U...............-.......T.............t......C:\Program Files (x86)\Fast!\fast!.exe..>.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.\.f.a.s.t.!...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.&.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.\.F.a.s.t.!...e.x.e.........%ProgramFiles%\Fast!\Fast!.exe......................................................................................................................................................................
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Mar 6 08:51:55 2024, mtime=Wed Mar 6 08:51:55 2024, atime=Wed Mar 6 08:51:55 2024, length=478629, window=hide
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1984
                                                                                                                                                                                                                Entropy (8bit):3.3289935599162908
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:AC596D8BF3D569DEA4B94BE897C6B57D
                                                                                                                                                                                                                SHA1:307A9B56F6F9C2D8BCECBBFE422597F271D45B20
                                                                                                                                                                                                                SHA-256:66E27D7A6B361C5473B22C24798550BFB5E3FFF6E457EE2F4481E333A745BE75
                                                                                                                                                                                                                SHA-512:276F104AC88FE89736FB4A3E4E0238F4DED77003F6A880FCF7ACAC41706E328D7A7B36553D2F9F836FF7C7B687B3DA4FC27BB353C70DD4A136F9D51C48800521
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:L..................F.@.. ......o.....o.....o...M...........................P.O. .:i.....+00.../C:\.....................1.....fX\N..PROGRA~2.........O.IfXiN....................V......5j.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....P.1.....fX|N..Fast!.<......fX\NfX|N....D.....................m)..F.a.s.t.!.....l.2..M..fX|N .UNINST~1.EXE..P......fX|NfX|N..........................m)..u.n.i.n.s.t.a.l.l.e.r...e.x.e.......[...............-.......Z.............t......C:\Program Files (x86)\Fast!\uninstaller.exe..D.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.\.u.n.i.n.s.t.a.l.l.e.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.\.u.n.i.n.s.t.a.l.l.e.r...e.x.e.........%ProgramFiles%\Fast!\uninstaller.exe..................................................................................................................
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Feb 27 08:59:24 2024, mtime=Wed Mar 6 08:51:42 2024, atime=Tue Feb 27 08:59:24 2024, length=769872, window=hide
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1036
                                                                                                                                                                                                                Entropy (8bit):4.613507738299393
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:2D00B87B112A3E64AC56831646B9E8B1
                                                                                                                                                                                                                SHA1:5634E9D034DC115F433F6F88A7C10D0342EA6E74
                                                                                                                                                                                                                SHA-256:EB08D2975D390C4773B3EAAEB1D55E8E2E958524ABFFBED53A7C78B6D59E0561
                                                                                                                                                                                                                SHA-512:3EBD281FDDE917054F7AE0F86FC6C89D8F8B8ADC14BC80450078CC359B25B92915FAA77B3B29CFE34BB4B8140B10E544A498429EF1313A819E17472D3E427308
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:L..................F.... ....fL.ci...&..o...fL.ci..P.......................s....P.O. .:i.....+00.../C:\.....................1.....fX\N..PROGRA~2.........O.IfXiN....................V......5j.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....P.1.....fX|N..Fast!.<......fX\NfX|N....D.......................M.F.a.s.t.!.....\.2.P...[XlO .fast!.exe.D......[XlOfXvN..............................f.a.s.t.!...e.x.e.......U...............-.......T.............t......C:\Program Files (x86)\Fast!\fast!.exe..,.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.\.f.a.s.t.!...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.........*................@Z|...K.J.........`.......X.......494126...........hT..CrF.f4... ..........,.......hT..CrF.f4... ..........,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2.........9...1SPS..mD..pH.H@..=x.....h
                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):55
                                                                                                                                                                                                                Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1572)
                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                Size (bytes):5776
                                                                                                                                                                                                                Entropy (8bit):5.406333618109174
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:C840A8EFA9639BA51FFFF865A6D5B3ED
                                                                                                                                                                                                                SHA1:00C77DA03DDCFA49CC08A7229BA8FA3F9AFCCC38
                                                                                                                                                                                                                SHA-256:C3061C3788AD5783EF8A5D10C454BAFE7EB942C48200DCCC852CC6D3C9F303D4
                                                                                                                                                                                                                SHA-512:E73A55A7CB4906133D3C85F7F7F5BC1435FB1AE023A565B446B9A628D2540B7501EECC6D6CDC3276871BC418C16DAAE14FF0C84E9A10A691CC40597400ECDEC1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                URL:https://fonts.googleapis.com/css?family=Open%20Sans
                                                                                                                                                                                                                Preview:/* cyrillic-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVIGxA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVIGxA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4saVIGxA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-fa
                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (64347)
                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                Size (bytes):219855
                                                                                                                                                                                                                Entropy (8bit):5.455096169333268
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:4358BCFB91CF686E83EE56BFDB956461
                                                                                                                                                                                                                SHA1:E9BBDE7E677111E8093C0EB4FE4BCC53FD8867EC
                                                                                                                                                                                                                SHA-256:50B6E67CFCFE4AC8FE9CEE705B681F696065306EE42BCD4E6B37A17DBA333AC5
                                                                                                                                                                                                                SHA-512:C226D7CB78F8A99D9C96B384412F36C0F4A3D009E8629183F918EF41D7A3B47B3B22CBDFD1B5EAA1F8DA556B0B1C6A04342AF850E5C12242F34C4D59958BDC66
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                URL:https://connect.facebook.net/en_US/fbevents.js
                                                                                                                                                                                                                Preview:/**.* Copyright (c) 2017-present, Facebook, Inc. All rights reserved..*.* You are hereby granted a non-exclusive, worldwide, royalty-free license to use,.* copy, modify, and distribute this software in source code or binary form for use.* in connection with the web services and APIs provided by Facebook..*.* As with any software that integrates with the Facebook platform, your use of.* this software is subject to the Facebook Platform Policy.* [http://developers.facebook.com/policy/]. This copyright notice shall be.* included in all copies or substantial portions of the software..*.* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.* CONNECTION WI
                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):675
                                                                                                                                                                                                                Entropy (8bit):7.606800268124855
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:8D1ED092B3BE364DC47574F1310D2C87
                                                                                                                                                                                                                SHA1:D5BBA623B5AFB4C5B6C0AD5ED04A10F1881DA595
                                                                                                                                                                                                                SHA-256:07B61E98466A1F851D5DCF555AD9B901684EE622275129B98C38DA3785506FF2
                                                                                                                                                                                                                SHA-512:70134A9B5B786473A56F11BA7098CA6AF568EEF97AA8704A9748A5EFDFC4F16CEE1F9C22CEA9F55660BE4FEB14D6C1B5B09A7C76076D4F813A58FECF27BB8828
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                Size (bytes):675
                                                                                                                                                                                                                Entropy (8bit):7.606800268124855
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:8D1ED092B3BE364DC47574F1310D2C87
                                                                                                                                                                                                                SHA1:D5BBA623B5AFB4C5B6C0AD5ED04A10F1881DA595
                                                                                                                                                                                                                SHA-256:07B61E98466A1F851D5DCF555AD9B901684EE622275129B98C38DA3785506FF2
                                                                                                                                                                                                                SHA-512:70134A9B5B786473A56F11BA7098CA6AF568EEF97AA8704A9748A5EFDFC4F16CEE1F9C22CEA9F55660BE4FEB14D6C1B5B09A7C76076D4F813A58FECF27BB8828
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                URL:https://repository.pcapp.store/pcapp/images/fast.png
                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 18668, version 1.0
                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                Size (bytes):18668
                                                                                                                                                                                                                Entropy (8bit):7.988119248989337
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                MD5:8655D20BBCC8CDBFAB17B6BE6CF55DF3
                                                                                                                                                                                                                SHA1:90EDBFA9A7DABB185487B4774076F82EB6412270
                                                                                                                                                                                                                SHA-256:E7AF9D60D875EB1C1B1037BBBFDEC41FCB096D0EBCF98A48717AD8B07906CED6
                                                                                                                                                                                                                SHA-512:47308DE25BD7E4CA27F59A2AE681BA64393FE4070E730C1F00C4053BAC956A9B4F7C0763C04145BC50A5F91C12A0BF80BDD4B03EECC2036CD56B2DB31494CBAF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                URL:https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                Entropy (8bit):7.272607365654344
                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                File name:9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                                                File size:120'248 bytes
                                                                                                                                                                                                                MD5:8b92571e4f2e6ef1aafd903796a9c152
                                                                                                                                                                                                                SHA1:f18491b49826dfbfc7760f08fd6d2339d15e0658
                                                                                                                                                                                                                SHA256:0172a96a870e24b01533c188b0abc4063ecbcce6c080b88684d8129b67ff31c1
                                                                                                                                                                                                                SHA512:2322983ebe02d1a62ff284742dd4d82768e1ffca397d48647ed4b1fb4d2fed2d09753e88e9f4aee23d6ac072d54f3ebc82f8bca3d7c1508b0e8713d9436899d1
                                                                                                                                                                                                                SSDEEP:3072:XbG7N2kDTHUpou2e+TRZalZPzy2mGCKhn+dm/j9:XbE/HUp+dZaPryK9n+qj9
                                                                                                                                                                                                                TLSH:93C3BE10B7649062F8A3CB3115A566364A7AAC21F5504F0F3FD05A4879EE3F1AF2D3E6
                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j.........
                                                                                                                                                                                                                Icon Hash:f9cc995924134d0d
                                                                                                                                                                                                                Entrypoint:0x40352d
                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                Digitally signed:true
                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                Time Stamp:0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                OS Version Major:4
                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                File Version Major:4
                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6
                                                                                                                                                                                                                Signature Valid:true
                                                                                                                                                                                                                Signature Issuer:CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB
                                                                                                                                                                                                                Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                Error Number:0
                                                                                                                                                                                                                Not Before, Not After
                                                                                                                                                                                                                • 07/03/2023 00:00:00 06/03/2025 23:59:59
                                                                                                                                                                                                                Subject Chain
                                                                                                                                                                                                                • CN=PC APP STORE ONLINE LTD, O=PC APP STORE ONLINE LTD, S=Lefkosia, C=CY, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CY, SERIALNUMBER=HE 437786
                                                                                                                                                                                                                Version:3
                                                                                                                                                                                                                Thumbprint MD5:C9665C5BA57D66E7F2CC96E181C6070C
                                                                                                                                                                                                                Thumbprint SHA-1:42338B0E4ED281FE782653F3A22E056716196127
                                                                                                                                                                                                                Thumbprint SHA-256:5A1ECC64D40D3C775D5BF7C895B8CE67FC39BAB2384777B0027B20BD1CDB7025
                                                                                                                                                                                                                Serial:4C9F43A2452108794B4F104512219D72
                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                sub esp, 000003F4h
                                                                                                                                                                                                                push ebx
                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                push edi
                                                                                                                                                                                                                push 00000020h
                                                                                                                                                                                                                pop edi
                                                                                                                                                                                                                xor ebx, ebx
                                                                                                                                                                                                                push 00008001h
                                                                                                                                                                                                                mov dword ptr [ebp-14h], ebx
                                                                                                                                                                                                                mov dword ptr [ebp-04h], 0040A2E0h
                                                                                                                                                                                                                mov dword ptr [ebp-10h], ebx
                                                                                                                                                                                                                call dword ptr [004080CCh]
                                                                                                                                                                                                                mov esi, dword ptr [004080D0h]
                                                                                                                                                                                                                lea eax, dword ptr [ebp-00000140h]
                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                mov dword ptr [ebp-0000012Ch], ebx
                                                                                                                                                                                                                mov dword ptr [ebp-2Ch], ebx
                                                                                                                                                                                                                mov dword ptr [ebp-28h], ebx
                                                                                                                                                                                                                mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                                                                                                                                                call esi
                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                jne 00007F12308F8A2Ah
                                                                                                                                                                                                                lea eax, dword ptr [ebp-00000140h]
                                                                                                                                                                                                                mov dword ptr [ebp-00000140h], 00000114h
                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                call esi
                                                                                                                                                                                                                mov ax, word ptr [ebp-0000012Ch]
                                                                                                                                                                                                                mov ecx, dword ptr [ebp-00000112h]
                                                                                                                                                                                                                sub ax, 00000053h
                                                                                                                                                                                                                add ecx, FFFFFFD0h
                                                                                                                                                                                                                neg ax
                                                                                                                                                                                                                sbb eax, eax
                                                                                                                                                                                                                mov byte ptr [ebp-26h], 00000004h
                                                                                                                                                                                                                not eax
                                                                                                                                                                                                                and eax, ecx
                                                                                                                                                                                                                mov word ptr [ebp-2Ch], ax
                                                                                                                                                                                                                cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                                                                                                                                                jnc 00007F12308F89FAh
                                                                                                                                                                                                                and word ptr [ebp-00000132h], 0000h
                                                                                                                                                                                                                mov eax, dword ptr [ebp-00000134h]
                                                                                                                                                                                                                movzx ecx, byte ptr [ebp-00000138h]
                                                                                                                                                                                                                mov dword ptr [00434FB8h], eax
                                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                                mov ah, byte ptr [ebp-0000013Ch]
                                                                                                                                                                                                                movzx eax, ax
                                                                                                                                                                                                                or eax, ecx
                                                                                                                                                                                                                xor ecx, ecx
                                                                                                                                                                                                                mov ch, byte ptr [ebp-2Ch]
                                                                                                                                                                                                                movzx ecx, cx
                                                                                                                                                                                                                shl eax, 10h
                                                                                                                                                                                                                or eax, ecx
                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                • [EXP] VC++ 6.0 SP5 build 8804

| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x66000 | 0x4f28 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1a858 | 0x2d60 | .data |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |


| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x6897 | 0x6a00 | ce9df19df15aa7bfbc0a8d0af0b841d0 | False | 0.6661261792452831 | data | 6.458398214928006 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x14a6 | 0x1600 | a118375c929d970903c1204233b7583d | False | 0.4392755681818182 | data | 5.024109281264143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x2b018 | 0x600 | 82a10c59a8679bb952fc8316070b8a6c | False | 0.521484375 | data | 4.15458210408643 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x36000 | 0x30000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x66000 | 0x4f28 | 0x5000 | 0217fb7f676552f4fd6495acbdb6027b | False | 0.2119140625 | data | 3.841902520112591 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |


| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x66208 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 30000 x 30000 px/m | English | United States | 0.16450165328294758 |
| RT_DIALOG | 0x6a430 | 0x202 | data | English | United States | 0.4085603112840467 |
| RT_DIALOG | 0x6a638 | 0xf8 | data | English | United States | 0.6290322580645161 |
| RT_DIALOG | 0x6a730 | 0xa0 | data | English | United States | 0.60625 |
| RT_DIALOG | 0x6a7d0 | 0xee | data | English | United States | 0.6302521008403361 |
| RT_GROUP_ICON | 0x6a8c0 | 0x14 | data | English | United States | 1.1 |
| RT_VERSION | 0x6a8d8 | 0x21c | data | English | United States | 0.5314814814814814 |
| RT_MANIFEST | 0x6aaf8 | 0x42e | XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators | English | United States | 0.5130841121495328 |


| DLL | Import |
| --- | --- |
| ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
| SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
| ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
| COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
| USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
| GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
| KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |


| Language of compilation system | Country where language is spoken |
| --- | --- |
| English | United States |

                                                                                                                                                                                                                Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.


                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                Start time:10:50:49
                                                                                                                                                                                                                Start date:06/03/2024
                                                                                                                                                                                                                Path:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                File size:120'248 bytes
                                                                                                                                                                                                                MD5 hash:8B92571E4F2E6EF1AAFD903796A9C152
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

Target ID:1
Start time:10:50:55
Start date:06/03/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
Imagebase:0x7ff76e190000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:2
Start time:10:50:56
Start date:06/03/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:0x7ff6eef20000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:3
Start time:10:50:56
Start date:06/03/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1848,i,2207139316729588946,8923005645512885988,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff76e190000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:7
Start time:10:51:17
Start date:06/03/2024
Path:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348
Imagebase:0x400000
File size:131'033'904 bytes
MD5 hash:599BAD8E7D2363415B86A08F4ACD243A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Reputation:low
Has exited:true

Target ID:8
Start time:10:51:20
Start date:06/03/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c "C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\user\AppData\Local\FAST!\Temp\dskres.xml
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:10:51:20
Start date:06/03/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:10:51:20
Start date:06/03/2024
Path:C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp
Imagebase:0x940000
File size:144'688 bytes
MD5 hash:FC41CABDD3C18079985AC5F648F58A90
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:11
Start time:10:51:56
Start date:06/03/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
Imagebase:0x7ff76e190000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:10:51:56
Start date:06/03/2024
Path:C:\Program Files (x86)\Fast!\FastSRV.exe
Wow64 process (32bit):true
Commandline:C:\Program Files (x86)\Fast!\FastSRV.exe
Imagebase:0x920000
File size:187'728 bytes
MD5 hash:99A0AFAF20877C3807D5EF292FACDDC7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 4%, ReversingLabs
• Detection: 4%, Virustotal
Reputation:low
Has exited:true

Target ID:13
Start time:10:51:56
Start date:06/03/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 --field-trial-handle=2000,i,3858328965028231226,10247695033159646713,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff76e190000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Target ID:15
                                                                                                                                                                                                                Start time:10:51:56
                                                                                                                                                                                                                Start date:06/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Fast!\fast!.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Program Files (x86)\fast!\fast!.exe
                                                                                                                                                                                                                Imagebase:0x360000
                                                                                                                                                                                                                File size:769'872 bytes
                                                                                                                                                                                                                MD5 hash:A2EF6C8CCFBEEE722F02C9744272449A
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                • Detection: 25%, ReversingLabs
                                                                                                                                                                                                                • Detection: 29%, Virustotal
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                Target ID:17
                                                                                                                                                                                                                Start time:10:51:57
                                                                                                                                                                                                                Start date:06/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Fast!\fast!.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Program Files (x86)\Fast!\Fast!.exe
                                                                                                                                                                                                                Imagebase:0x360000
                                                                                                                                                                                                                File size:769'872 bytes
                                                                                                                                                                                                                MD5 hash:A2EF6C8CCFBEEE722F02C9744272449A
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Target ID:18
                                                                                                                                                                                                                Start time:10:51:59
                                                                                                                                                                                                                Start date:06/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
                                                                                                                                                                                                                Imagebase:0x7ff715340000
                                                                                                                                                                                                                File size:2'337'112 bytes
                                                                                                                                                                                                                MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                • Detection: 4%, ReversingLabs
                                                                                                                                                                                                                • Detection: 9%, Virustotal
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                Target ID:19
                                                                                                                                                                                                                Start time:10:52:00
                                                                                                                                                                                                                Start date:06/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x238,0x23c,0x240,0x210,0x244,0x7ffe0054a970,0x7ffe0054a980,0x7ffe0054a990
                                                                                                                                                                                                                Imagebase:0x7ff715340000
                                                                                                                                                                                                                File size:2'337'112 bytes
                                                                                                                                                                                                                MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                Target ID:20
                                                                                                                                                                                                                Start time:10:52:00
                                                                                                                                                                                                                Start date:06/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1732 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:2
                                                                                                                                                                                                                Imagebase:0x7ff715340000
                                                                                                                                                                                                                File size:2'337'112 bytes
                                                                                                                                                                                                                MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                Target ID:21
                                                                                                                                                                                                                Start time:10:52:01
                                                                                                                                                                                                                Start date:06/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2216 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
                                                                                                                                                                                                                Imagebase:0x7ff715340000
                                                                                                                                                                                                                File size:2'337'112 bytes
                                                                                                                                                                                                                MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                Target ID:22
                                                                                                                                                                                                                Start time:10:52:04
                                                                                                                                                                                                                Start date:06/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=2428 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
                                                                                                                                                                                                                Imagebase:0x7ff715340000
                                                                                                                                                                                                                File size:2'337'112 bytes
                                                                                                                                                                                                                MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                Target ID:23
                                                                                                                                                                                                                Start time:10:52:05
                                                                                                                                                                                                                Start date:06/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files (x86)\Fast!\nwjs\gen" --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1709714839247985 --launch-time-ticks=3885297285 --mojo-platform-channel-handle=3152 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:1
                                                                                                                                                                                                                Imagebase:0x7ff715340000
                                                                                                                                                                                                                File size:2'337'112 bytes
                                                                                                                                                                                                                MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

Target ID:25
Start time:10:52:06
Start date:06/03/2024
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\Explorer.EXE
Imagebase:0x7ff72b770000
File size:5'141'208 bytes
MD5 hash:662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:28
Start time:10:52:15
Start date:06/03/2024
Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3984 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Imagebase:0x7ff715340000
File size:2'337'112 bytes
MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:10:52:31
Start date:06/03/2024
Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3864 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Imagebase:0x7ff715340000
File size:2'337'112 bytes
MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:10:52:31
Start date:06/03/2024
Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3768 --field-trial-handle=1924,i,15784943914246256589,17369889196795924647,262144 /prefetch:8
Imagebase:0x7ff715340000
File size:2'337'112 bytes
MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true


Execution Graph

Execution Coverage:28.4%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:16.6%
Total number of Nodes:1352
Total number of Limit Nodes:32
404b16 4228 404cc5 4177->4228 4233 405b81 GetDlgItemTextW 4177->4233 4178->4172 4179->4177 4182 40657a 17 API calls 4179->4182 4179->4228 4184 404499 18 API calls 4181->4184 4188 404aa6 SHBrowseForFolderW 4182->4188 4183 404b46 4189 405f14 18 API calls 4183->4189 4190 404a17 4184->4190 4185 404500 8 API calls 4191 404cd9 4185->4191 4187 4049f1 4186->4187 4187->4181 4195 405e0c 3 API calls 4187->4195 4188->4177 4192 404abe CoTaskMemFree 4188->4192 4193 404b4c 4189->4193 4194 404499 18 API calls 4190->4194 4196 405e0c 3 API calls 4192->4196 4234 40653d lstrcpynW 4193->4234 4197 404a25 4194->4197 4195->4181 4198 404acb 4196->4198 4232 4044ce SendMessageW 4197->4232 4201 404b02 SetDlgItemTextW 4198->4201 4206 40657a 17 API calls 4198->4206 4201->4177 4202 404a2b 4204 40690a 5 API calls 4202->4204 4203 404b63 4205 40690a 5 API calls 4203->4205 4204->4179 4212 404b6a 4205->4212 4207 404aea lstrcmpiW 4206->4207 4207->4201 4210 404afb lstrcatW 4207->4210 4208 404bab 4235 40653d lstrcpynW 4208->4235 4210->4201 4211 404bb2 4213 405eb7 4 API calls 4211->4213 4212->4208 4216 405e58 2 API calls 4212->4216 4218 404c03 4212->4218 4214 404bb8 GetDiskFreeSpaceW 4213->4214 4217 404bdc MulDiv 4214->4217 4214->4218 4216->4212 4217->4218 4219 404e0f 20 API calls 4218->4219 4229 404c74 4218->4229 4221 404c61 4219->4221 4220 40140b 2 API calls 4222 404c97 4220->4222 4224 404c76 SetDlgItemTextW 4221->4224 4225 404c66 4221->4225 4236 4044bb KiUserCallbackDispatcher 4222->4236 4224->4229 4227 404d46 20 API calls 4225->4227 4226 404cb3 4226->4228 4230 4048e3 SendMessageW 4226->4230 4227->4229 4228->4185 4229->4220 4229->4222 4230->4228 4231->4175 4232->4202 4233->4183 4234->4203 4235->4211 4236->4226 4237 40248a 4238 402da6 17 API calls 4237->4238 4239 40249c 4238->4239 4240 402da6 17 API calls 4239->4240 4241 4024a6 4240->4241 4254 402e36 4241->4254 4244 4024de 4248 402d84 17 API calls 4244->4248 4252 4024ea 4244->4252 4245 40292e 4246 402da6 17 API calls 4247 4024d4 lstrlenW 4246->4247 
4247->4244 4248->4252 4249 402509 RegSetValueExW 4251 40251f RegCloseKey 4249->4251 4250 4032b4 31 API calls 4250->4249 4251->4245 4252->4249 4252->4250 4255 402e51 4254->4255 4258 4063d8 4255->4258 4259 4063e7 4258->4259 4260 4063f2 RegCreateKeyExW 4259->4260 4261 4024b6 4259->4261 4260->4261 4261->4244 4261->4245 4261->4246 4262 40290b 4263 402da6 17 API calls 4262->4263 4264 402912 FindFirstFileW 4263->4264 4265 40293a 4264->4265 4268 402925 4264->4268 4270 406484 wsprintfW 4265->4270 4267 402943 4271 40653d lstrcpynW 4267->4271 4270->4267 4271->4268 4272 40190c 4273 401943 4272->4273 4274 402da6 17 API calls 4273->4274 4275 401948 4274->4275 4276 405c49 67 API calls 4275->4276 4277 401951 4276->4277 4278 40190f 4279 402da6 17 API calls 4278->4279 4280 401916 4279->4280 4281 405b9d MessageBoxIndirectW 4280->4281 4282 40191f 4281->4282 3571 402891 3572 402898 3571->3572 3573 402ba9 3571->3573 3574 402d84 17 API calls 3572->3574 3575 40289f 3574->3575 3576 4028ae SetFilePointer 3575->3576 3576->3573 3577 4028be 3576->3577 3579 406484 wsprintfW 3577->3579 3579->3573 4283 401491 4284 40559f 24 API calls 4283->4284 4285 401498 4284->4285 3580 403b12 3581 403b2a 3580->3581 3582 403b1c CloseHandle 3580->3582 3587 403b57 3581->3587 3582->3581 3585 405c49 67 API calls 3586 403b3b 3585->3586 3589 403b65 3587->3589 3588 403b2f 3588->3585 3589->3588 3590 403b6a FreeLibrary GlobalFree 3589->3590 3590->3588 3590->3590 4286 401f12 4287 402da6 17 API calls 4286->4287 4288 401f18 4287->4288 4289 402da6 17 API calls 4288->4289 4290 401f21 4289->4290 4291 402da6 17 API calls 4290->4291 4292 401f2a 4291->4292 4293 402da6 17 API calls 4292->4293 4294 401f33 4293->4294 4295 401423 24 API calls 4294->4295 4296 401f3a 4295->4296 4303 405b63 ShellExecuteExW 4296->4303 4298 401f82 4299 40292e 4298->4299 4300 4069b5 5 API calls 4298->4300 4301 401f9f FindCloseChangeNotification 4300->4301 4301->4299 4303->4298 4304 405513 4305 405523 4304->4305 4306 405537 4304->4306 4307 405580 
4305->4307 4308 405529 4305->4308 4309 40553f IsWindowVisible 4306->4309 4315 405556 4306->4315 4310 405585 CallWindowProcW 4307->4310 4311 4044e5 SendMessageW 4308->4311 4309->4307 4312 40554c 4309->4312 4313 405533 4310->4313 4311->4313 4314 404e54 5 API calls 4312->4314 4314->4315 4315->4310 4316 404ed4 4 API calls 4315->4316 4316->4307 4317 402f93 4318 402fa5 SetTimer 4317->4318 4319 402fbe 4317->4319 4318->4319 4320 403013 4319->4320 4321 402fd8 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4319->4321 4321->4320 4322 401d17 4323 402d84 17 API calls 4322->4323 4324 401d1d IsWindow 4323->4324 4325 401a20 4324->4325 3624 403f9a 3625 403fb2 3624->3625 3626 404113 3624->3626 3625->3626 3627 403fbe 3625->3627 3628 404164 3626->3628 3629 404124 GetDlgItem GetDlgItem 3626->3629 3631 403fc9 SetWindowPos 3627->3631 3632 403fdc 3627->3632 3630 4041be 3628->3630 3638 401389 2 API calls 3628->3638 3633 404499 18 API calls 3629->3633 3634 4044e5 SendMessageW 3630->3634 3639 40410e 3630->3639 3631->3632 3635 403fe5 ShowWindow 3632->3635 3636 404027 3632->3636 3637 40414e SetClassLongW 3633->3637 3663 4041d0 3634->3663 3640 4040d1 3635->3640 3641 404005 GetWindowLongW 3635->3641 3642 404046 3636->3642 3643 40402f DestroyWindow 3636->3643 3644 40140b 2 API calls 3637->3644 3647 404196 3638->3647 3704 404500 3640->3704 3641->3640 3649 40401e ShowWindow 3641->3649 3645 40404b SetWindowLongW 3642->3645 3646 40405c 3642->3646 3650 404422 3643->3650 3644->3628 3645->3639 3646->3640 3651 404068 GetDlgItem 3646->3651 3647->3630 3652 40419a SendMessageW 3647->3652 3649->3636 3650->3639 3657 404453 ShowWindow 3650->3657 3655 404096 3651->3655 3656 404079 SendMessageW IsWindowEnabled 3651->3656 3652->3639 3653 40140b 2 API calls 3653->3663 3654 404424 DestroyWindow KiUserCallbackDispatcher 3654->3650 3659 4040a3 3655->3659 3661 4040ea SendMessageW 3655->3661 3662 4040b6 3655->3662 3669 40409b 3655->3669 3656->3639 3656->3655 3657->3639 3658 40657a 17 API calls 3658->3663 3659->3661 
3659->3669 3661->3640 3664 4040d3 3662->3664 3665 4040be 3662->3665 3663->3639 3663->3653 3663->3654 3663->3658 3666 404499 18 API calls 3663->3666 3686 404364 DestroyWindow 3663->3686 3695 404499 3663->3695 3667 40140b 2 API calls 3664->3667 3668 40140b 2 API calls 3665->3668 3666->3663 3667->3669 3668->3669 3669->3640 3701 404472 3669->3701 3671 40424b GetDlgItem 3672 404260 3671->3672 3673 404268 ShowWindow KiUserCallbackDispatcher 3671->3673 3672->3673 3698 4044bb KiUserCallbackDispatcher 3673->3698 3675 404292 KiUserCallbackDispatcher 3680 4042a6 3675->3680 3676 4042ab GetSystemMenu EnableMenuItem SendMessageW 3677 4042db SendMessageW 3676->3677 3676->3680 3677->3680 3679 403f7b 18 API calls 3679->3680 3680->3676 3680->3679 3699 4044ce SendMessageW 3680->3699 3700 40653d lstrcpynW 3680->3700 3682 40430a lstrlenW 3683 40657a 17 API calls 3682->3683 3684 404320 SetWindowTextW 3683->3684 3685 401389 2 API calls 3684->3685 3685->3663 3686->3650 3687 40437e CreateDialogParamW 3686->3687 3687->3650 3688 4043b1 3687->3688 3689 404499 18 API calls 3688->3689 3690 4043bc GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3689->3690 3691 401389 2 API calls 3690->3691 3692 404402 3691->3692 3692->3639 3693 40440a ShowWindow 3692->3693 3694 4044e5 SendMessageW 3693->3694 3694->3650 3696 40657a 17 API calls 3695->3696 3697 4044a4 SetDlgItemTextW 3696->3697 3697->3671 3698->3675 3699->3680 3700->3682 3702 404479 3701->3702 3703 40447f SendMessageW 3701->3703 3702->3703 3703->3640 3705 4045c3 3704->3705 3706 404518 GetWindowLongW 3704->3706 3705->3639 3706->3705 3707 40452d 3706->3707 3707->3705 3708 40455a GetSysColor 3707->3708 3709 40455d 3707->3709 3708->3709 3710 404563 SetTextColor 3709->3710 3711 40456d SetBkMode 3709->3711 3710->3711 3712 404585 GetSysColor 3711->3712 3713 40458b 3711->3713 3712->3713 3714 404592 SetBkColor 3713->3714 3715 40459c 3713->3715 3714->3715 3715->3705 3716 4045b6 CreateBrushIndirect 3715->3716 3717 4045af DeleteObject 3715->3717 
3716->3705 3717->3716 3718 401b9b 3719 401ba8 3718->3719 3720 401bec 3718->3720 3721 401c31 3719->3721 3726 401bbf 3719->3726 3722 401bf1 3720->3722 3723 401c16 GlobalAlloc 3720->3723 3724 40657a 17 API calls 3721->3724 3727 40239d 3721->3727 3722->3727 3739 40653d lstrcpynW 3722->3739 3725 40657a 17 API calls 3723->3725 3728 402397 3724->3728 3725->3721 3737 40653d lstrcpynW 3726->3737 3733 405b9d MessageBoxIndirectW 3728->3733 3731 401c03 GlobalFree 3731->3727 3732 401bce 3738 40653d lstrcpynW 3732->3738 3733->3727 3735 401bdd 3740 40653d lstrcpynW 3735->3740 3737->3732 3738->3735 3739->3731 3740->3727 4326 40261c 4327 402da6 17 API calls 4326->4327 4328 402623 4327->4328 4331 40602d GetFileAttributesW CreateFileW 4328->4331 4330 40262f 4331->4330 3804 40259e 3805 402de6 17 API calls 3804->3805 3806 4025a8 3805->3806 3807 402d84 17 API calls 3806->3807 3808 4025b1 3807->3808 3809 4025d9 RegEnumValueW 3808->3809 3810 4025cd RegEnumKeyW 3808->3810 3811 40292e 3808->3811 3812 4025f5 RegCloseKey 3809->3812 3813 4025ee 3809->3813 3810->3812 3812->3811 3813->3812 4332 40149e 4333 4014ac PostQuitMessage 4332->4333 4334 40239d 4332->4334 4333->4334 4335 4015a3 4336 402da6 17 API calls 4335->4336 4337 4015aa SetFileAttributesW 4336->4337 4338 4015bc 4337->4338 3190 401fa4 3191 402da6 17 API calls 3190->3191 3192 401faa 3191->3192 3193 40559f 24 API calls 3192->3193 3194 401fb4 3193->3194 3203 405b20 CreateProcessW 3194->3203 3198 40292e 3200 401fcf 3201 401fdd FindCloseChangeNotification 3200->3201 3211 406484 wsprintfW 3200->3211 3201->3198 3204 405b53 CloseHandle 3203->3204 3205 401fba 3203->3205 3204->3205 3205->3198 3205->3201 3206 4069b5 WaitForSingleObject 3205->3206 3207 4069cf 3206->3207 3208 4069e1 GetExitCodeProcess 3207->3208 3212 406946 3207->3212 3208->3200 3211->3201 3213 406963 PeekMessageW 3212->3213 3214 406973 WaitForSingleObject 3213->3214 3215 406959 DispatchMessageW 3213->3215 3214->3207 3215->3213 3219 40252a 3230 402de6 3219->3230 3222 402da6 17 API 
calls 3223 40253d 3222->3223 3224 402548 RegQueryValueExW 3223->3224 3229 40292e 3223->3229 3225 40256e RegCloseKey 3224->3225 3226 402568 3224->3226 3225->3229 3226->3225 3235 406484 wsprintfW 3226->3235 3231 402da6 17 API calls 3230->3231 3232 402dfd 3231->3232 3233 4063aa RegOpenKeyExW 3232->3233 3234 402534 3233->3234 3234->3222 3235->3225 4339 40202a 4340 402da6 17 API calls 4339->4340 4341 402031 4340->4341 4342 40690a 5 API calls 4341->4342 4343 402040 4342->4343 4344 40205c GlobalAlloc 4343->4344 4347 4020cc 4343->4347 4345 402070 4344->4345 4344->4347 4346 40690a 5 API calls 4345->4346 4348 402077 4346->4348 4349 40690a 5 API calls 4348->4349 4350 402081 4349->4350 4350->4347 4354 406484 wsprintfW 4350->4354 4352 4020ba 4355 406484 wsprintfW 4352->4355 4354->4352 4355->4347 4356 4021aa 4357 402da6 17 API calls 4356->4357 4358 4021b1 4357->4358 4359 402da6 17 API calls 4358->4359 4360 4021bb 4359->4360 4361 402da6 17 API calls 4360->4361 4362 4021c5 4361->4362 4363 402da6 17 API calls 4362->4363 4364 4021cf 4363->4364 4365 402da6 17 API calls 4364->4365 4366 4021d9 4365->4366 4367 402218 CoCreateInstance 4366->4367 4368 402da6 17 API calls 4366->4368 4371 402237 4367->4371 4368->4367 4369 401423 24 API calls 4370 4022f6 4369->4370 4371->4369 4371->4370 4372 403baa 4373 403bb5 4372->4373 4374 403bb9 4373->4374 4375 403bbc GlobalAlloc 4373->4375 4375->4374 3260 40352d SetErrorMode GetVersionExW 3261 4035b7 3260->3261 3262 40357f GetVersionExW 3260->3262 3263 403610 3261->3263 3264 40690a 5 API calls 3261->3264 3262->3261 3265 40689a 3 API calls 3263->3265 3264->3263 3266 403626 lstrlenA 3265->3266 3266->3263 3267 403636 3266->3267 3268 40690a 5 API calls 3267->3268 3269 40363d 3268->3269 3270 40690a 5 API calls 3269->3270 3271 403644 3270->3271 3272 40690a 5 API calls 3271->3272 3276 403650 #17 OleInitialize SHGetFileInfoW 3272->3276 3275 40369d GetCommandLineW 3351 40653d lstrcpynW 3275->3351 3350 40653d lstrcpynW 3276->3350 3278 4036af 3279 405e39 CharNextW 
3278->3279 3280 4036d5 CharNextW 3279->3280 3292 4036e6 3280->3292 3281 4037e4 3282 4037f8 GetTempPathW 3281->3282 3352 4034fc 3282->3352 3284 403810 3286 403814 GetWindowsDirectoryW lstrcatW 3284->3286 3287 40386a DeleteFileW 3284->3287 3285 405e39 CharNextW 3285->3292 3288 4034fc 12 API calls 3286->3288 3362 40307d GetTickCount GetModuleFileNameW 3287->3362 3290 403830 3288->3290 3290->3287 3293 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3290->3293 3291 40387d 3295 403a59 ExitProcess OleUninitialize 3291->3295 3297 403932 3291->3297 3305 405e39 CharNextW 3291->3305 3292->3281 3292->3285 3294 4037e6 3292->3294 3296 4034fc 12 API calls 3293->3296 3446 40653d lstrcpynW 3294->3446 3299 403a69 3295->3299 3300 403a7e 3295->3300 3304 403862 3296->3304 3390 403bec 3297->3390 3451 405b9d 3299->3451 3302 403a86 GetCurrentProcess OpenProcessToken 3300->3302 3303 403afc ExitProcess 3300->3303 3308 403acc 3302->3308 3309 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 3302->3309 3304->3287 3304->3295 3319 40389f 3305->3319 3312 40690a 5 API calls 3308->3312 3309->3308 3310 403941 3310->3295 3315 403ad3 3312->3315 3313 403908 3316 405f14 18 API calls 3313->3316 3314 403949 3318 405b08 5 API calls 3314->3318 3317 403ae8 ExitWindowsEx 3315->3317 3321 403af5 3315->3321 3320 403914 3316->3320 3317->3303 3317->3321 3322 40394e lstrcatW 3318->3322 3319->3313 3319->3314 3320->3295 3447 40653d lstrcpynW 3320->3447 3455 40140b 3321->3455 3323 40396a lstrcatW lstrcmpiW 3322->3323 3324 40395f lstrcatW 3322->3324 3323->3310 3326 40398a 3323->3326 3324->3323 3328 403996 3326->3328 3329 40398f 3326->3329 3332 405aeb 2 API calls 3328->3332 3331 405a6e 4 API calls 3329->3331 3330 403927 3448 40653d lstrcpynW 3330->3448 3334 403994 3331->3334 3335 40399b SetCurrentDirectoryW 3332->3335 3334->3335 3336 4039b8 3335->3336 3337 4039ad 3335->3337 3450 40653d lstrcpynW 3336->3450 3449 40653d lstrcpynW 3337->3449 3340 40657a 17 API calls 3341 4039fa DeleteFileW 
3340->3341 3342 403a06 CopyFileW 3341->3342 3347 4039c5 3341->3347 3342->3347 3343 403a50 3345 4062fd 36 API calls 3343->3345 3344 4062fd 36 API calls 3344->3347 3345->3310 3346 40657a 17 API calls 3346->3347 3347->3340 3347->3343 3347->3344 3347->3346 3348 405b20 2 API calls 3347->3348 3349 403a3a CloseHandle 3347->3349 3348->3347 3349->3347 3350->3275 3351->3278 3353 4067c4 5 API calls 3352->3353 3355 403508 3353->3355 3354 403512 3354->3284 3355->3354 3356 405e0c 3 API calls 3355->3356 3357 40351a 3356->3357 3358 405aeb 2 API calls 3357->3358 3359 403520 3358->3359 3458 40605c 3359->3458 3462 40602d GetFileAttributesW CreateFileW 3362->3462 3364 4030bd 3382 4030cd 3364->3382 3463 40653d lstrcpynW 3364->3463 3366 4030e3 3367 405e58 2 API calls 3366->3367 3368 4030e9 3367->3368 3464 40653d lstrcpynW 3368->3464 3370 4030f4 GetFileSize 3371 4031ee 3370->3371 3389 40310b 3370->3389 3465 403019 3371->3465 3373 4031f7 3375 403227 GlobalAlloc 3373->3375 3373->3382 3500 4034e5 SetFilePointer 3373->3500 3476 4034e5 SetFilePointer 3375->3476 3377 40325a 3379 403019 6 API calls 3377->3379 3379->3382 3380 403210 3383 4034cf ReadFile 3380->3383 3381 403242 3477 4032b4 3381->3477 3382->3291 3385 40321b 3383->3385 3385->3375 3385->3382 3386 403019 6 API calls 3386->3389 3387 40324e 3387->3382 3387->3387 3388 40328b SetFilePointer 3387->3388 3388->3382 3389->3371 3389->3377 3389->3382 3389->3386 3497 4034cf 3389->3497 3391 40690a 5 API calls 3390->3391 3392 403c00 3391->3392 3393 403c06 3392->3393 3394 403c18 3392->3394 3517 406484 wsprintfW 3393->3517 3395 40640b 3 API calls 3394->3395 3396 403c48 3395->3396 3398 403c67 lstrcatW 3396->3398 3400 40640b 3 API calls 3396->3400 3399 403c16 3398->3399 3502 403ec2 3399->3502 3400->3398 3403 405f14 18 API calls 3404 403c99 3403->3404 3405 403d2d 3404->3405 3407 40640b 3 API calls 3404->3407 3406 405f14 18 API calls 3405->3406 3408 403d33 3406->3408 3409 403ccb 3407->3409 3410 403d43 LoadImageW 3408->3410 3411 40657a 17 API calls 
3408->3411 3409->3405 3414 403cec lstrlenW 3409->3414 3418 405e39 CharNextW 3409->3418 3412 403de9 3410->3412 3413 403d6a RegisterClassW 3410->3413 3411->3410 3417 40140b 2 API calls 3412->3417 3415 403da0 SystemParametersInfoW CreateWindowExW 3413->3415 3416 403df3 3413->3416 3419 403d20 3414->3419 3420 403cfa lstrcmpiW 3414->3420 3415->3412 3416->3310 3423 403def 3417->3423 3421 403ce9 3418->3421 3424 405e0c 3 API calls 3419->3424 3420->3419 3422 403d0a GetFileAttributesW 3420->3422 3421->3414 3426 403d16 3422->3426 3423->3416 3427 403ec2 18 API calls 3423->3427 3425 403d26 3424->3425 3518 40653d lstrcpynW 3425->3518 3426->3419 3430 405e58 2 API calls 3426->3430 3428 403e00 3427->3428 3431 403e0c ShowWindow 3428->3431 3432 403e8f 3428->3432 3430->3419 3433 40689a 3 API calls 3431->3433 3510 405672 OleInitialize 3432->3510 3435 403e24 3433->3435 3439 403e32 GetClassInfoW 3435->3439 3441 40689a 3 API calls 3435->3441 3436 403e95 3437 403eb1 3436->3437 3438 403e99 3436->3438 3440 40140b 2 API calls 3437->3440 3438->3416 3444 40140b 2 API calls 3438->3444 3442 403e46 GetClassInfoW RegisterClassW 3439->3442 3443 403e5c DialogBoxParamW 3439->3443 3440->3416 3441->3439 3442->3443 3445 40140b 2 API calls 3443->3445 3444->3416 3445->3416 3446->3282 3447->3330 3448->3297 3449->3336 3450->3347 3452 405bb2 3451->3452 3453 403a76 ExitProcess 3452->3453 3454 405bc6 MessageBoxIndirectW 3452->3454 3454->3453 3456 401389 2 API calls 3455->3456 3457 401420 3456->3457 3457->3303 3459 406069 GetTickCount GetTempFileNameW 3458->3459 3460 40352b 3459->3460 3461 40609f 3459->3461 3460->3284 3461->3459 3461->3460 3462->3364 3463->3366 3464->3370 3466 403022 3465->3466 3467 40303a 3465->3467 3468 403032 3466->3468 3469 40302b DestroyWindow 3466->3469 3470 403042 3467->3470 3471 40304a GetTickCount 3467->3471 3468->3373 3469->3468 3472 406946 2 API calls 3470->3472 3473 403058 CreateDialogParamW ShowWindow 3471->3473 3474 40307b 3471->3474 3475 403048 3472->3475 3473->3474 3474->3373 
3475->3373 3476->3381 3478 4032cd 3477->3478 3479 4032fb 3478->3479 3501 4034e5 SetFilePointer 3478->3501 3481 4034cf ReadFile 3479->3481 3482 403306 3481->3482 3483 403468 3482->3483 3484 403318 GetTickCount 3482->3484 3488 403452 3482->3488 3485 4034aa 3483->3485 3490 40346c 3483->3490 3484->3488 3493 403367 3484->3493 3487 4034cf ReadFile 3485->3487 3486 4034cf ReadFile 3486->3493 3487->3488 3488->3387 3489 4034cf ReadFile 3489->3490 3490->3488 3490->3489 3491 4060df WriteFile 3490->3491 3491->3490 3492 4033bd GetTickCount 3492->3493 3493->3486 3493->3488 3493->3492 3494 4033e2 MulDiv wsprintfW 3493->3494 3496 4060df WriteFile 3493->3496 3495 40559f 24 API calls 3494->3495 3495->3493 3496->3493 3498 4060b0 ReadFile 3497->3498 3499 4034e2 3498->3499 3499->3389 3500->3380 3501->3479 3503 403ed6 3502->3503 3519 406484 wsprintfW 3503->3519 3505 403f47 3520 403f7b 3505->3520 3507 403c77 3507->3403 3508 403f4c 3508->3507 3509 40657a 17 API calls 3508->3509 3509->3508 3523 4044e5 3510->3523 3512 405695 3516 4056bc 3512->3516 3526 401389 3512->3526 3513 4044e5 SendMessageW 3514 4056ce OleUninitialize 3513->3514 3514->3436 3516->3513 3517->3399 3518->3405 3519->3505 3521 40657a 17 API calls 3520->3521 3522 403f89 SetWindowTextW 3521->3522 3522->3508 3524 4044fd 3523->3524 3525 4044ee SendMessageW 3523->3525 3524->3512 3525->3524 3528 401390 3526->3528 3527 4013fe 3527->3512 3528->3527 3529 4013cb MulDiv SendMessageW 3528->3529 3529->3528 4376 401a30 4377 402da6 17 API calls 4376->4377 4378 401a39 ExpandEnvironmentStringsW 4377->4378 4379 401a4d 4378->4379 4381 401a60 4378->4381 4380 401a52 lstrcmpW 4379->4380 4379->4381 4380->4381 4387 4023b2 4388 4023c0 4387->4388 4389 4023ba 4387->4389 4391 402da6 17 API calls 4388->4391 4394 4023ce 4388->4394 4390 402da6 17 API calls 4389->4390 4390->4388 4391->4394 4392 402da6 17 API calls 4395 4023dc 4392->4395 4393 402da6 17 API calls 4396 4023e5 WritePrivateProfileStringW 4393->4396 4394->4392 4394->4395 4395->4393 4397 402434 
4398 402467 4397->4398 4399 40243c 4397->4399 4400 402da6 17 API calls 4398->4400 4401 402de6 17 API calls 4399->4401 4402 40246e 4400->4402 4403 402443 4401->4403 4408 402e64 4402->4408 4405 402da6 17 API calls 4403->4405 4406 40247b 4403->4406 4407 402454 RegDeleteValueW RegCloseKey 4405->4407 4407->4406 4409 402e71 4408->4409 4410 402e78 4408->4410 4409->4406 4410->4409 4412 402ea9 4410->4412 4413 4063aa RegOpenKeyExW 4412->4413 4414 402ed7 4413->4414 4415 402ee7 RegEnumValueW 4414->4415 4416 402f0a 4414->4416 4423 402f81 4414->4423 4415->4416 4417 402f71 RegCloseKey 4415->4417 4416->4417 4418 402f46 RegEnumKeyW 4416->4418 4419 402f4f RegCloseKey 4416->4419 4421 402ea9 6 API calls 4416->4421 4417->4423 4418->4416 4418->4419 4420 40690a 5 API calls 4419->4420 4422 402f5f 4420->4422 4421->4416 4422->4423 4424 402f63 RegDeleteKeyW 4422->4424 4423->4409 4424->4423 4425 401735 4426 402da6 17 API calls 4425->4426 4427 40173c SearchPathW 4426->4427 4428 401757 4427->4428 4429 401d38 4430 402d84 17 API calls 4429->4430 4431 401d3f 4430->4431 4432 402d84 17 API calls 4431->4432 4433 401d4b GetDlgItem 4432->4433 4434 402638 4433->4434 4435 4014b8 4436 4014be 4435->4436 4437 401389 2 API calls 4436->4437 4438 4014c6 4437->4438 4439 40263e 4440 402652 4439->4440 4441 40266d 4439->4441 4442 402d84 17 API calls 4440->4442 4443 402672 4441->4443 4444 40269d 4441->4444 4451 402659 4442->4451 4445 402da6 17 API calls 4443->4445 4446 402da6 17 API calls 4444->4446 4448 402679 4445->4448 4447 4026a4 lstrlenW 4446->4447 4447->4451 4456 40655f WideCharToMultiByte 4448->4456 4450 40268d lstrlenA 4450->4451 4452 4026d1 4451->4452 4453 4026e7 4451->4453 4455 40610e 5 API calls 4451->4455 4452->4453 4454 4060df WriteFile 4452->4454 4454->4453 4455->4452 4456->4450

Control-flow Graph (legend: Executed, Not Executed)
APIs
• SetErrorMode.KERNEL32(00008001), ref: 00403550
• GetVersionExW.KERNEL32(?), ref: 00403579
• GetVersionExW.KERNEL32(0000011C), ref: 00403590
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
• #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
• OleInitialize.OLE32(00000000), ref: 0040366A
• SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
• GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe",00000020,"C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe",00000000), ref: 004036D6
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
                                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(1033), ref: 0040386F
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
                                                                                                                                                                                                                    • Part of subcall function 00405AEB: CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe",00000000,?), ref: 0040397C
                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,20221121000000%2E000000%2B000,?), ref: 004039FB
                                                                                                                                                                                                                  • CopyFileW.KERNEL32(C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,0042AA28,00000001), ref: 00403A0E
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                                                                                                                                                                                                                  • ExitProcess.KERNEL32(?), ref: 00403A59
                                                                                                                                                                                                                  • OleUninitialize.OLE32(?), ref: 00403A5E
                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403A78
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                                                                                                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403B0C
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                                                                  • String ID: "C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe"$.tmp$1033$20221121000000%2E000000%2B000$C:\Program Files (x86)\Fast!$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                  • API String ID: 2292928366-4231068689
                                                                                                                                                                                                                  • Opcode ID: 31f77c8a8b3a3ad3f5f74e486622c6887c952165384ea8b63ade3724d5224d7f
                                                                                                                                                                                                                  • Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31f77c8a8b3a3ad3f5f74e486622c6887c952165384ea8b63ade3724d5224d7f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph (starting at 4056de; graph not reproduced)
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00405788
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                                                                                                                                                    • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004058B3
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                                                                                                                  • ShowWindow.USER32(00030454,00000008), ref: 004058DC
                                                                                                                                                                                                                  • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                                                                                                                  • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 00405A61
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                  • String ID: {
                                                                                                                                                                                                                  • API String ID: 590372296-366298937
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\*.*,\*.*), ref: 00405CBA
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                  • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsb237C.tmp\*.*$\*.*
                                                                                                                                                                                                                  • API String ID: 2035342205-4015922191
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(74DF3420,004302B8,C:\,00405F5D,C:\,C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                  • String ID: C:\
                                                                                                                                                                                                                  • API String ID: 2295610775-3404278061
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                                                                                                                  • DestroyWindow.USER32 ref: 00404035
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040429C
                                                                                                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$Item$MessageSendShow$Long$CallbackDispatcherMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3964124867-0
                                                                                                                                                                                                                  • Opcode ID: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
                                                                                                                                                                                                                  • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                    • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00432EA0,?,?,?,00432EA0,00000000,C:\Program Files (x86)\Fast!,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,74DF3420), ref: 00403CED
                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00432E98,.exe,00432EA0,?,?,?,00432EA0,00000000,C:\Program Files (x86)\Fast!,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00432EA0,?,00000000,?), ref: 00403D0B
                                                                                                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\Fast!), ref: 00403D54
                                                                                                                                                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                                                                                                                                                  • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                                                                                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                  • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$elete file:
                                                                                                                                                                                                                  • API String ID: 1975747703-4055150547
                                                                                                                                                                                                                  • Opcode ID: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
                                                                                                                                                                                                                  • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                                                                                                                    • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                    • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00432EA0,00000400), ref: 00406695
                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(00432EA0,00000400,00000000,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,?,004055D6,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000,00000000,00424420,74DF23A0), ref: 004066A8
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,?,004055D6,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • Software\Microsoft\Windows\CurrentVersion, xrefs: 00406663
                                                                                                                                                                                                                  • 20221121000000%2E000000%2B000, xrefs: 0040674E
                                                                                                                                                                                                                  • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00406719
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\nsb237C.tmp\, xrefs: 0040659F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                                                                  • String ID: 20221121000000%2E000000%2B000$C:\Users\user\AppData\Local\Temp\nsb237C.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CountTick$wsprintf
                                                                                                                                                                                                                  • String ID: *B$ DB$ A$ A$... %d%%$tClientRect$}8@
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,Set,Set,00000000,00000000,Set,C:\Program Files (x86)\Fast!,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                    • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\), ref: 0040560C
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\nsb237C.tmp$C:\Users\user\AppData\Local\Temp\nsb237C.tmp\nsJSON.dll$Set
                                                                                                                                                                                                                  • API String ID: 1941528284-2816311015
                                                                                                                                                                                                                  • Opcode ID: 340e1442e1db9b0bbd45c79093729705e5d63a2406d9793f1b9f797b5a8be8ee
                                                                                                                                                                                                                  • Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 340e1442e1db9b0bbd45c79093729705e5d63a2406d9793f1b9f797b5a8be8ee
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  control_flow_graph 691 40559f-4055b4 692 4055ba-4055cb 691->692 693 40566b-40566f 691->693 694 4055d6-4055e2 lstrlenW 692->694 695 4055cd-4055d1 call 40657a 692->695 697 4055e4-4055f4 lstrlenW 694->697 698 4055ff-405603 694->698 695->694 697->693 699 4055f6-4055fa lstrcatW 697->699 700 405612-405616 698->700 701 405605-40560c SetWindowTextW 698->701 699->698 702 405618-40565a SendMessageW * 3 700->702 703 40565c-40565e 700->703 701->700 702->703 703->693 704 405660-405663 703->704 704->693
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00403418,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                  • SetWindowTextW.USER32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\), ref: 0040560C
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,?,004055D6,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsb237C.tmp\
                                                                                                                                                                                                                  • API String ID: 1495540970-3491623015
                                                                                                                                                                                                                  • Opcode ID: 61fc35634f83d303f4bb0fdf458391b4626c4708e393b35bd1b1a29fdfa46634
                                                                                                                                                                                                                  • Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61fc35634f83d303f4bb0fdf458391b4626c4708e393b35bd1b1a29fdfa46634
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  control_flow_graph 705 4026ec-402705 call 402d84 708 402c2a-402c2d 705->708 709 40270b-402712 705->709 710 402c33-402c39 708->710 711 402714 709->711 712 402717-40271a 709->712 711->712 714 402720-40272f call 40649d 712->714 715 40287e-402886 712->715 714->715 718 402735 714->718 715->708 719 40273b-40273f 718->719 720 4027d4-4027d7 719->720 721 402745-402760 ReadFile 719->721 723 4027d9-4027dc 720->723 724 4027ef-4027ff call 4060b0 720->724 721->715 722 402766-40276b 721->722 722->715 726 402771-40277f 722->726 723->724 727 4027de-4027e9 call 40610e 723->727 724->715 732 402801 724->732 729 402785-402797 MultiByteToWideChar 726->729 730 40283a-402846 call 406484 726->730 727->715 727->724 729->732 733 402799-40279c 729->733 730->710 736 402804-402807 732->736 737 40279e-4027a9 733->737 736->730 739 402809-40280e 736->739 737->736 740 4027ab-4027d0 SetFilePointer MultiByteToWideChar 737->740 741 402810-402815 739->741 742 40284b-40284f 739->742 740->737 743 4027d2 740->743 741->742 744 402817-40282a 741->744 745 402851-402855 742->745 746 40286c-402878 SetFilePointer 742->746 743->732 744->715 747 40282c-402832 744->747 748 402857-40285b 745->748 749 40285d-40286a 745->749 746->715 747->719 750 402838 747->750 748->746 748->749 749->715 750->715
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                                                                    • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                  • String ID: 9
                                                                                                                                                                                                                  • API String ID: 163830602-2366072709
                                                                                                                                                                                                                  • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                  • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  control_flow_graph 751 40689a-4068ba GetSystemDirectoryW 752 4068bc 751->752 753 4068be-4068c0 751->753 752->753 754 4068d1-4068d3 753->754 755 4068c2-4068cb 753->755 757 4068d4-406907 wsprintfW LoadLibraryExW 754->757 755->754 756 4068cd-4068cf 755->756 756->757
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                  • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                  • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                  • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                                                  • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 758 405a6e-405ab9 CreateDirectoryW 759 405abb-405abd 758->759 760 405abf-405acc GetLastError 758->760 761 405ae6-405ae8 759->761 760->761 762 405ace-405ae2 SetFileSecurityW 760->762 762->759 763 405ae4 GetLastError 762->763 763->761
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                                                                                                                  • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                  • API String ID: 3449924974-3081826266
                                                                                                                                                                                                                  • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                  • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 764 401d81-401d85 765 401d94-401d9a GetDlgItem 764->765 766 401d87-401d92 call 402d84 764->766 767 401da0-401dcc 765->767 766->767 769 401dd7 767->769 770 401dce-401dd5 call 402da6 767->770 773 401ddb-401e31 GetClientRect LoadImageW SendMessageW 769->773 770->773 775 401e33-401e36 773->775 776 401e3f-401e42 773->776 775->776 777 401e38-401e39 DeleteObject 775->777 778 401e48 776->778 779 402c2a-402c39 776->779 777->776 778->779
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                                                                                                  • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                                                                                                  • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                                                  • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 782 401c43-401c63 call 402d84 * 2 787 401c65-401c6c call 402da6 782->787 788 401c6f-401c73 782->788 787->788 790 401c75-401c7c call 402da6 788->790 791 401c7f-401c85 788->791 790->791 794 401cd3-401cfd call 402da6 * 2 FindWindowExW 791->794 795 401c87-401ca3 call 402d84 * 2 791->795 805 401d03 794->805 806 401cc3-401cd1 SendMessageW 795->806 807 401ca5-401cc1 SendMessageTimeoutW 795->807 808 401d06-401d09 805->808 806->805 807->808 809 402c2a-402c39 808->809 810 401d0f 808->810 810->809
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                                                                                                  • String ID: !
                                                                                                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                  • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                  • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                  • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                  • API String ID: 3248276644-3049482934
                                                                                                                                                                                                                  • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                  • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                                                                                                                  • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                  • API String ID: 1716503409-678247507
                                                                                                                                                                                                                  • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                                                  • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00000400,?,0040CE50,0040A000,?,00000008,00000001,000000F0), ref: 00402164
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\), ref: 0040560C
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Librarylstrlen$CallbackDispatcherFreeHandleLoadModuleTextUserWindowlstrcat
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 719239633-0
                                                                                                                                                                                                                  • Opcode ID: 0bf0e5e813b2564cc7cfb612efcde4c797e71ce7d2922b3564d4c07743ad1514
                                                                                                                                                                                                                  • Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bf0e5e813b2564cc7cfb612efcde4c797e71ce7d2922b3564d4c07743ad1514
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                    • Part of subcall function 00405A6E: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,C:\Program Files (x86)\Fast!,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Program Files (x86)\Fast!, xrefs: 00401640
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984797204.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984824707.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984961572.0000000000466000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                  • API String ID: 1892508949-1788482285
                                                                                                                                                                                                                  • Opcode ID: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                                                                                                                  • Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00405B63: ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                                                                                                                    • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                                                    • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                                                                                                                                                                  • String ID: @$C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                  • API String ID: 4215836453-1939985250
                                                                                                                                                                                                                  • Opcode ID: e9e6b888b2ac62b7866e10c79cc816c8736e15ae282fdec460a2aeb23ba8a534
                                                                                                                                                                                                                  • Instruction ID: 706d8f23dd4fc365793d21c3b3cee38f3579e955c6bce5a1691758ef83551cc9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e9e6b888b2ac62b7866e10c79cc816c8736e15ae282fdec460a2aeb23ba8a534
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20115B71E042189ADB50EFB9CA49B8CB6F4BF04304F24447AE405F72C1EBBC89459B18
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,74DF3420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                  • API String ID: 1100898210-3081826266
                                                                                                                                                                                                                  • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                  • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(03311D40), ref: 00401C0B
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000804), ref: 00401C1D
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,?,004055D6,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                                                                                                                  • String ID: Set
                                                                                                                                                                                                                  • API String ID: 3292104215-3730400060
                                                                                                                                                                                                                  • Opcode ID: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                                                                                                                                                                  • Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                                                                                                                  • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsb237C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Enum$CloseValue
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 397863658-0
                                                                                                                                                                                                                  • Opcode ID: 89c6ceebaf26a2410158c75cc71a1e3b778611476644ea09d24f59567d4f9c93
                                                                                                                                                                                                                  • Instruction ID: 08080f496e1fbaad801da7c4a2f11cdf7a22a5a493a276a89d416976773fa01e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89c6ceebaf26a2410158c75cc71a1e3b778611476644ea09d24f59567d4f9c93
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61C0EBB85E44966D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00406008: GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                    • Part of subcall function 00406008: SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C1C
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C24
                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C3C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1655745494-0
                                                                                                                                                                                                                  • Opcode ID: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                  • Instruction ID: 0274c5225d47ddc366315f3a2fda4b694ad97aa72442a0e2fcdbaf00fd257d87
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4E0E53110CF9156E61457309E08F5F2AD8EF86715F05493EF892B10C0CBB848068E6A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(00000408,?,00000000,004040D1), ref: 00404490
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID: x
                                                                                                                                                                                                                  • API String ID: 3850602802-2363233923
                                                                                                                                                                                                                  • Opcode ID: 6afabcb65d7cd0472edcecb82606307073186cf957424f1b3ed57c3b76b5cfb8
                                                                                                                                                                                                                  • Instruction ID: 1b38e0d23eed931a714c5b599c5829f4d2050063c4158495342b67dc2c27a344
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6afabcb65d7cd0472edcecb82606307073186cf957424f1b3ed57c3b76b5cfb8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10C01271140200EACB004B00DE01F0A7A20B7A0B02F209039F381210B087B05422DB0C
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsb237C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseQueryValue
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3356406503-0
                                                                                                                                                                                                                  • Opcode ID: 3fb0128ec3c0afb48f28764f09fc95c95f98cfbd5e462e7a9813c2ba4e742ed8
                                                                                                                                                                                                                  • Instruction ID: 3e5dab0bbcc9b7b4348569693e39c51bc0b27c59e8ea0ed6abb05ebc10b9b344
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3fb0128ec3c0afb48f28764f09fc95c95f98cfbd5e462e7a9813c2ba4e742ed8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F116D71900219EADF14DFA4DA589AE77B4FF04345B20443BE401B62C0E7B88A45EB5D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegQueryValueExW.KERNEL32(00650000,00650000,00000000,00000000,00432EA0,00000800,00000000,?,00000000,00650000,00650000,00432EA0,?,?,00406672,80000002), ref: 00406451
                                                                                                                                                                                                                  • RegCloseKey.KERNEL32(00650000,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,00650000,00432EA0,00650000,00000000,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\), ref: 0040645C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseQueryValue
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3356406503-0
                                                                                                                                                                                                                  • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                                                  • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                  • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$EnableShow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1136574915-0
                                                                                                                                                                                                                  • Opcode ID: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                                                                                                                                                  • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3712363035-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                    • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                    • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                    • Part of subcall function 0040689A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1984797204.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984824707.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984838346.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984838346.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984838346.000000000042F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984838346.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984838346.0000000000436000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984838346.000000000043A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984838346.0000000000440000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984961572.0000000000466000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2547128583-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000000B,00000001), ref: 00402C14
                                                                                                                                                                                                                  • InvalidateRect.USER32(?), ref: 00402C24
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InvalidateMessageRectSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 909852535-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\nsb237C.tmp\, xrefs: 00403B31
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsb237C.tmp\
                                                                                                                                                                                                                  • API String ID: 2962429428-3491623015
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1375471231-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\), ref: 0040560C
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                    • Part of subcall function 00405B20: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                                                    • Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                                                    • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                                                    • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1543427666-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,?,00000000,?,?), ref: 004028AF
                                                                                                                                                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FilePointerwsprintf
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 327478801-0
                                                                                                                                                                                                                  • Opcode ID: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
                                                                                                                                                                                                                  • Instruction ID: a13d1cf18dcce6f7d85bed0b4e0fde0de6b16079219dfacd376ffc086bc6f252
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3E09271A04105BFDB01EFA5AE499AEB3B8EF44319B10483BF102F00C1DA794D119B2D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileWrite
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3934441357-0
                                                                                                                                                                                                                  • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                  • Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                                                                                  • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                  • Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00650000,00432EA0,?,00650000,?,00406438,?,00000000,00650000,00650000,00432EA0,?), ref: 004063CE
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Open
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 71445658-0
                                                                                                                                                                                                                  • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                  • Instruction ID: 4361357c0318622cec318f667d88df30c4c29b75262f7bca7234b06b46464da2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83D0123210020EBBDF115F91AD01FAB3B5DAB08310F014426FE06E40A1D775D530A764
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,?,004055D6,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,?,00000000), ref: 004044B3
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ItemTextlstrcatlstrlen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 281422827-0
                                                                                                                                                                                                                  • Opcode ID: 90e9d348aac44dd859050291e9807f2f15480ffb268b4e012463b180631e3b26
                                                                                                                                                                                                                  • Instruction ID: 6ac98b26730712a62f5b3967fa7f39b4c61dbbfa6ef1674fce18da22a1fc1fc0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 90e9d348aac44dd859050291e9807f2f15480ffb268b4e012463b180631e3b26
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3C08C35008200BFD641A714EC42F0FB7A8FFA031AF00C42EB05CA10D1C63494208A2A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(0003044C,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                                                                  • Instruction ID: 729772cd993a62bf3dcd5a53f5ba0c6067f9c4589e443fe2cdcdd0dddf41cb53
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74C04CB1740605BADA108B509D45F0677546750701F188429B641A50E0CA74E410D62C
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExecuteShell
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 587946157-0
                                                                                                                                                                                                                  • Opcode ID: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                                                                                                                  • Instruction ID: 155326c85e208380d9db810c36285a9e1b4200be200639c8195ffcf147e959ee
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BEC092B2000200EFE301CF80CB09F067BE8AF54306F028068E185DA060C7788840CB29
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                                                  • Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                                                                  • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                  • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984797204.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984824707.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984961572.0000000000466000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2492992576-0
                                                                                                                                                                                                                  • Opcode ID: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                                                                  • Instruction ID: 0db23a64e3c973129ccb7351ad80e5cfa0365495cc8a336c35755b545d17f2be
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74A00275508601DBDE115B51DF09D057B71A7547017414579A18551034C6314461EB5D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                                                                  • Opcode ID: 0247c60e4c81cd0d93bf07655b107266fb29897d22759340ec027b86c090604d
                                                                                                                                                                                                                  • Instruction ID: 7e4bd3fa72896d3e54e8b4d9ea8ddceac118c8145159a7c2ee745a60f6c60e84
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0247c60e4c81cd0d93bf07655b107266fb29897d22759340ec027b86c090604d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DD0A773B141018BD704EBFCFE8545E73E8EB503293208C37D402E10D1E678C846461C
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00432EA0,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,00432EA0), ref: 00404AFD
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                                                                                                                                                    • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                                                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                    • Part of subcall function 004067C4: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                                                                                                                    • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                    • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                    • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                  • String ID: 20221121000000%2E000000%2B000$A$C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                  • API String ID: 2624150263-2687562964
                                                                                                                                                                                                                  • Opcode ID: fab986b41fe51bcb83dfe55d65232c7215597a26c5e3df290e301c6af6088bb7
                                                                                                                                                                                                                  • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fab986b41fe51bcb83dfe55d65232c7215597a26c5e3df290e301c6af6088bb7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Program Files (x86)\Fast!, xrefs: 00402269
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateInstance
                                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                  • API String ID: 542301482-1788482285
                                                                                                                                                                                                                  • Opcode ID: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                                                                                                                  • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1974802433-0
                                                                                                                                                                                                                  • Opcode ID: 23bc45f7dafbc09bf3d58dfb9668e04a20f74da7ffae18e0ad0b6f577034eb1d
                                                                                                                                                                                                                  • Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23bc45f7dafbc09bf3d58dfb9668e04a20f74da7ffae18e0ad0b6f577034eb1d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                                                                                                                                                  • Instruction ID: 3db1d01f4341fbbb805040525b4c18df43ce82c239752998d09602440244d977
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FEE18A71A0070ADFCB24CF59D880BAABBF5FB44305F15852EE496A72D1D338AA91CF45
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                                                                                                                                                  • Instruction ID: 4d3fc1c80ea15bf86cc2801d6424e98614acddb7a54358772128df9d71e60e61
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6C14871E042599BCF18CF68C8905EEBBB2BF88314F25866AD85677380D7347941CF95
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                                                                                                                  • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                                                                                                                    • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984797204.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984824707.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984838346.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984961572.0000000000466000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                  • String ID: $M$N
                                                                                                                                                                                                                  • API String ID: 2564846305-813528018
                                                                                                                                                                                                                  • Opcode ID: 8650db15f8eec7f2c7436ff7bc9e6097db9116c58dec0643669c66b6eab2f928
                                                                                                                                                                                                                  • Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8650db15f8eec7f2c7436ff7bc9e6097db9116c58dec0643669c66b6eab2f928
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 00404738
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                  • String ID: N
                                                                                                                                                                                                                  • API String ID: 3103080414-1130791706
                                                                                                                                                                                                                  • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                                                                  • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                  • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                  • String ID: F
                                                                                                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                                                                                                  • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                                                  • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                                                                                                                    • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                    • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00406202
                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                                                                                                                    • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                    • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                  • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                                  • API String ID: 2171350718-461813615
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                                                                                                                  • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 00404586
                                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                  • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                  • CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                  • CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                                                                                                  • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                  • API String ID: 589700163-4010320282
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                                                                                                                  • GetMessagePos.USER32 ref: 00404E77
                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                  • String ID: f
                                                                                                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                                                                                                  • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                  • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,?,004055D6,C:\Users\user\AppData\Local\Temp\nsb237C.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                                                                  • String ID: MS Shell Dlg
                                                                                                                                                                                                                  • API String ID: 2584051700-76309092
                                                                                                                                                                                                                  • Opcode ID: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
                                                                                                                                                                                                                  • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                                                  • MulDiv.KERNEL32(0001A853,00000064,0001D5B8), ref: 00402FDC
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00402FEC
                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                  • String ID: verifying installer: %d%%
                                                                                                                                                                                                                  • API String ID: 1451636040-82062127
                                                                                                                                                                                                                  • Opcode ID: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                                                                                                                  • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2667972263-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1354259210-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                  • String ID: %u.%u%s%s
                                                                                                                                                                                                                  • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsb237C.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsb237C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseValuelstrlen
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsb237C.tmp
                                                                                                                                                                                                                  • API String ID: 2655323295-1921835167
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                  • CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                  • CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharNext
                                                                                                                                                                                                                  • String ID: C:\
                                                                                                                                                                                                                  • API String ID: 3213498283-3404278061
                                                                                                                                                                                                                  • Opcode ID: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                                                  • Instruction ID: b7f7aa27055ddc775a1b47344aef2f77b81fec2ea34db2f3ccdabfa21b6bce3d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7BF0F631810E1296DB317B548C44E7B97BCEB64354B04843BD741B71C0D3BC8D808BDA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                                                                                                                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                  • API String ID: 2659869361-3081826266
                                                                                                                                                                                                                  • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                  • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb237C.tmp\nsJSON.dll), ref: 00402695
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsb237C.tmp$C:\Users\user\AppData\Local\Temp\nsb237C.tmp\nsJSON.dll
                                                                                                                                                                                                                  • API String ID: 1659193697-3572579095
                                                                                                                                                                                                                  • Opcode ID: fbd5ee5e4de60feb08ffa62b35b3018c7a91bb86716aa8782bbd76b946f17d50
                                                                                                                                                                                                                  • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbd5ee5e4de60feb08ffa62b35b3018c7a91bb86716aa8782bbd76b946f17d50
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2102729457-0
                                                                                                                                                                                                                  • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                                                  • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00405542
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                                                                                                                                                    • Part of subcall function 004044E5: SendMessageW.USER32(0003044C,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                  • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                                                  • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                                                                                                                                                                                                                  • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,80000000,00000003), ref: 00405E6E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharPrevlstrlen
                                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                                  • API String ID: 2709904686-224404859
                                                                                                                                                                                                                  • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                  • Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                                                                                                                                                  • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984810284.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                                                                                                  • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                                                  • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                  Execution Coverage:30.5%
                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                  Total number of Nodes:1352
                                                                                                                                                                                                                  Total number of Limit Nodes:36
SendMessageW SendMessageW 3842->3846 3847 4059e2 SendMessageW 3843->3847 3853 4044ce SendMessageW 3844->3853 3845->3844 3846->3833 3847->3847 3848 4059ff OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3847->3848 3850 405a24 SendMessageW 3848->3850 3850->3850 3851 405a4d GlobalUnlock SetClipboardData CloseClipboard 3850->3851 3851->3833 3852->3813 3853->3842 3854->3814 3958 4028de 3959 4028e6 3958->3959 3960 4028ea FindNextFileW 3959->3960 3963 4028fc 3959->3963 3961 402943 3960->3961 3960->3963 3964 40653d lstrcpynW 3961->3964 3964->3963 3965 404ce0 3966 404cf0 3965->3966 3967 404d0c 3965->3967 3976 405b81 GetDlgItemTextW 3966->3976 3968 404d12 SHGetPathFromIDListW 3967->3968 3969 404d3f 3967->3969 3971 404d29 SendMessageW 3968->3971 3972 404d22 3968->3972 3971->3969 3974 40140b 2 API calls 3972->3974 3973 404cfd SendMessageW 3973->3967 3974->3971 3976->3973 3180 405b63 ShellExecuteExW 3977 401563 3978 402ba4 3977->3978 3981 406484 wsprintfW 3978->3981 3980 402ba9 3981->3980 3982 401968 3983 402d84 17 API calls 3982->3983 3984 40196f 3983->3984 3985 402d84 17 API calls 3984->3985 3986 40197c 3985->3986 3987 402da6 17 API calls 3986->3987 3988 401993 lstrlenW 3987->3988 3989 4019a4 3988->3989 3993 4019e5 3989->3993 3994 40653d lstrcpynW 3989->3994 3991 4019d5 3992 4019da lstrlenW 3991->3992 3991->3993 3992->3993 3994->3991 3995 40166a 3996 402da6 17 API calls 3995->3996 3997 401670 3996->3997 3998 406873 2 API calls 3997->3998 3999 401676 3998->3999 4000 402aeb 4001 402d84 17 API calls 4000->4001 4002 402af1 4001->4002 4003 40292e 4002->4003 4004 40657a 17 API calls 4002->4004 4004->4003 3291 4026ec 3292 402d84 17 API calls 3291->3292 3293 4026fb 3292->3293 3294 402745 ReadFile 3293->3294 3295 4060b0 ReadFile 3293->3295 3296 4027de 3293->3296 3298 402785 MultiByteToWideChar 3293->3298 3299 40283a 3293->3299 3301 4027ab SetFilePointer MultiByteToWideChar 3293->3301 3302 40284b 3293->3302 3304 402838 3293->3304 3294->3293 3294->3304 3295->3293 3296->3293 
3296->3304 3305 40610e SetFilePointer 3296->3305 3298->3293 3314 406484 wsprintfW 3299->3314 3301->3293 3303 40286c SetFilePointer 3302->3303 3302->3304 3303->3304 3306 40612a 3305->3306 3309 406142 3305->3309 3307 4060b0 ReadFile 3306->3307 3308 406136 3307->3308 3308->3309 3310 406173 SetFilePointer 3308->3310 3311 40614b SetFilePointer 3308->3311 3309->3296 3310->3309 3311->3310 3312 406156 3311->3312 3313 4060df WriteFile 3312->3313 3313->3309 3314->3304 3561 40176f 3562 402da6 17 API calls 3561->3562 3563 401776 3562->3563 3564 401796 3563->3564 3565 40179e 3563->3565 3600 40653d lstrcpynW 3564->3600 3601 40653d lstrcpynW 3565->3601 3568 40179c 3572 4067c4 5 API calls 3568->3572 3569 4017a9 3570 405e0c 3 API calls 3569->3570 3571 4017af lstrcatW 3570->3571 3571->3568 3589 4017bb 3572->3589 3573 406873 2 API calls 3573->3589 3574 406008 2 API calls 3574->3589 3576 4017cd CompareFileTime 3576->3589 3577 40188d 3579 40559f 24 API calls 3577->3579 3578 401864 3580 40559f 24 API calls 3578->3580 3584 401879 3578->3584 3582 401897 3579->3582 3580->3584 3581 40653d lstrcpynW 3581->3589 3583 4032b4 31 API calls 3582->3583 3585 4018aa 3583->3585 3586 4018be SetFileTime 3585->3586 3587 4018d0 FindCloseChangeNotification 3585->3587 3586->3587 3587->3584 3590 4018e1 3587->3590 3588 40657a 17 API calls 3588->3589 3589->3573 3589->3574 3589->3576 3589->3577 3589->3578 3589->3581 3589->3588 3595 405b9d MessageBoxIndirectW 3589->3595 3599 40602d GetFileAttributesW CreateFileW 3589->3599 3591 4018e6 3590->3591 3592 4018f9 3590->3592 3593 40657a 17 API calls 3591->3593 3594 40657a 17 API calls 3592->3594 3596 4018ee lstrcatW 3593->3596 3597 401901 3594->3597 3595->3589 3596->3597 3598 405b9d MessageBoxIndirectW 3597->3598 3598->3584 3599->3589 3600->3568 3601->3569 4005 401a72 4006 402d84 17 API calls 4005->4006 4007 401a7b 4006->4007 4008 402d84 17 API calls 4007->4008 4009 401a20 4008->4009 4010 401573 4011 401583 ShowWindow 4010->4011 4012 40158c 4010->4012 4011->4012 4013 
402c2a 4012->4013 4014 40159a ShowWindow 4012->4014 4014->4013 4015 4023f4 4016 402da6 17 API calls 4015->4016 4017 402403 4016->4017 4018 402da6 17 API calls 4017->4018 4019 40240c 4018->4019 4020 402da6 17 API calls 4019->4020 4021 402416 GetPrivateProfileStringW 4020->4021 4022 4014f5 SetForegroundWindow 4023 402c2a 4022->4023 4024 401ff6 4025 402da6 17 API calls 4024->4025 4026 401ffd 4025->4026 4027 406873 2 API calls 4026->4027 4028 402003 4027->4028 4030 402014 4028->4030 4031 406484 wsprintfW 4028->4031 4031->4030 4032 401b77 4033 402da6 17 API calls 4032->4033 4034 401b7e 4033->4034 4035 402d84 17 API calls 4034->4035 4036 401b87 wsprintfW 4035->4036 4037 402c2a 4036->4037 4038 40167b 4039 402da6 17 API calls 4038->4039 4040 401682 4039->4040 4041 402da6 17 API calls 4040->4041 4042 40168b 4041->4042 4043 402da6 17 API calls 4042->4043 4044 401694 MoveFileW 4043->4044 4045 4016a7 4044->4045 4051 4016a0 4044->4051 4047 406873 2 API calls 4045->4047 4049 4022f6 4045->4049 4046 401423 24 API calls 4046->4049 4048 4016b6 4047->4048 4048->4049 4050 4062fd 36 API calls 4048->4050 4050->4051 4051->4046 4052 4019ff 4053 402da6 17 API calls 4052->4053 4054 401a06 4053->4054 4055 402da6 17 API calls 4054->4055 4056 401a0f 4055->4056 4057 401a16 lstrcmpiW 4056->4057 4058 401a28 lstrcmpW 4056->4058 4059 401a1c 4057->4059 4058->4059 4060 4022ff 4061 402da6 17 API calls 4060->4061 4062 402305 4061->4062 4063 402da6 17 API calls 4062->4063 4064 40230e 4063->4064 4065 402da6 17 API calls 4064->4065 4066 402317 4065->4066 4067 406873 2 API calls 4066->4067 4068 402320 4067->4068 4069 402331 lstrlenW lstrlenW 4068->4069 4070 402324 4068->4070 4072 40559f 24 API calls 4069->4072 4071 40559f 24 API calls 4070->4071 4074 40232c 4070->4074 4071->4074 4073 40236f SHFileOperationW 4072->4073 4073->4070 4073->4074 4075 401000 4076 401037 BeginPaint GetClientRect 4075->4076 4077 40100c DefWindowProcW 4075->4077 4079 4010f3 4076->4079 4082 401179 4077->4082 4080 401073 
CreateBrushIndirect FillRect DeleteObject 4079->4080 4081 4010fc 4079->4081 4080->4079 4083 401102 CreateFontIndirectW 4081->4083 4084 401167 EndPaint 4081->4084 4083->4084 4085 401112 6 API calls 4083->4085 4084->4082 4085->4084 4086 401d81 4087 401d94 GetDlgItem 4086->4087 4088 401d87 4086->4088 4090 401d8e 4087->4090 4089 402d84 17 API calls 4088->4089 4089->4090 4091 401dd5 GetClientRect LoadImageW SendMessageW 4090->4091 4092 402da6 17 API calls 4090->4092 4094 401e33 4091->4094 4096 401e3f 4091->4096 4092->4091 4095 401e38 DeleteObject 4094->4095 4094->4096 4095->4096 4097 401503 4098 40150b 4097->4098 4100 40151e 4097->4100 4099 402d84 17 API calls 4098->4099 4099->4100 4101 402383 4102 40238a 4101->4102 4105 40239d 4101->4105 4103 40657a 17 API calls 4102->4103 4104 402397 4103->4104 4106 405b9d MessageBoxIndirectW 4104->4106 4106->4105 4107 402c05 SendMessageW 4108 402c2a 4107->4108 4109 402c1f InvalidateRect 4107->4109 4109->4108 4110 404f06 GetDlgItem GetDlgItem 4111 404f58 7 API calls 4110->4111 4117 40517d 4110->4117 4112 404ff2 SendMessageW 4111->4112 4113 404fff DeleteObject 4111->4113 4112->4113 4114 405008 4113->4114 4115 40503f 4114->4115 4118 40657a 17 API calls 4114->4118 4119 404499 18 API calls 4115->4119 4116 40525f 4120 40530b 4116->4120 4130 4052b8 SendMessageW 4116->4130 4150 405170 4116->4150 4117->4116 4121 4051ec 4117->4121 4164 404e54 SendMessageW 4117->4164 4124 405021 SendMessageW SendMessageW 4118->4124 4125 405053 4119->4125 4122 405315 SendMessageW 4120->4122 4123 40531d 4120->4123 4121->4116 4126 405251 SendMessageW 4121->4126 4122->4123 4132 405336 4123->4132 4133 40532f ImageList_Destroy 4123->4133 4148 405346 4123->4148 4124->4114 4129 404499 18 API calls 4125->4129 4126->4116 4127 404500 8 API calls 4131 40550c 4127->4131 4143 405064 4129->4143 4135 4052cd SendMessageW 4130->4135 4130->4150 4136 40533f GlobalFree 4132->4136 4132->4148 4133->4132 4134 4054c0 4139 4054d2 ShowWindow GetDlgItem ShowWindow 4134->4139 4134->4150 
4138 4052e0 4135->4138 4136->4148 4137 40513f GetWindowLongW SetWindowLongW 4140 405158 4137->4140 4149 4052f1 SendMessageW 4138->4149 4139->4150 4141 405175 4140->4141 4142 40515d ShowWindow 4140->4142 4163 4044ce SendMessageW 4141->4163 4162 4044ce SendMessageW 4142->4162 4143->4137 4144 40513a 4143->4144 4147 4050b7 SendMessageW 4143->4147 4151 4050f5 SendMessageW 4143->4151 4152 405109 SendMessageW 4143->4152 4144->4137 4144->4140 4147->4143 4148->4134 4155 405381 4148->4155 4169 404ed4 4148->4169 4149->4120 4150->4127 4151->4143 4152->4143 4154 40548b 4156 405496 InvalidateRect 4154->4156 4159 4054a2 4154->4159 4157 4053af SendMessageW 4155->4157 4158 4053c5 4155->4158 4156->4159 4157->4158 4158->4154 4160 405439 SendMessageW SendMessageW 4158->4160 4159->4134 4178 404e0f 4159->4178 4160->4158 4162->4150 4163->4117 4165 404eb3 SendMessageW 4164->4165 4166 404e77 GetMessagePos ScreenToClient SendMessageW 4164->4166 4168 404eab 4165->4168 4167 404eb0 4166->4167 4166->4168 4167->4165 4168->4121 4181 40653d lstrcpynW 4169->4181 4171 404ee7 4182 406484 wsprintfW 4171->4182 4173 404ef1 4174 40140b 2 API calls 4173->4174 4175 404efa 4174->4175 4183 40653d lstrcpynW 4175->4183 4177 404f01 4177->4155 4184 404d46 4178->4184 4180 404e24 4180->4134 4181->4171 4182->4173 4183->4177 4185 404d5f 4184->4185 4186 40657a 17 API calls 4185->4186 4187 404dc3 4186->4187 4188 40657a 17 API calls 4187->4188 4189 404dce 4188->4189 4190 40657a 17 API calls 4189->4190 4191 404de4 lstrlenW wsprintfW SetDlgItemTextW 4190->4191 4191->4180 4192 404609 lstrlenW 4193 404628 4192->4193 4194 40462a WideCharToMultiByte 4192->4194 4193->4194 3209 40248a 3210 402da6 17 API calls 3209->3210 3211 40249c 3210->3211 3212 402da6 17 API calls 3211->3212 3213 4024a6 3212->3213 3226 402e36 3213->3226 3216 40292e 3217 4024de 3219 4024ea 3217->3219 3221 402d84 17 API calls 3217->3221 3218 402da6 17 API calls 3220 4024d4 lstrlenW 3218->3220 3222 402509 RegSetValueExW 3219->3222 3230 4032b4 3219->3230 
3220->3217 3221->3219 3224 40251f RegCloseKey 3222->3224 3224->3216 3227 402e51 3226->3227 3250 4063d8 3227->3250 3231 4032cd 3230->3231 3232 4032fb 3231->3232 3257 4034e5 SetFilePointer 3231->3257 3254 4034cf 3232->3254 3236 403468 3238 4034aa 3236->3238 3241 40346c 3236->3241 3237 403318 GetTickCount 3242 403452 3237->3242 3246 403367 3237->3246 3239 4034cf ReadFile 3238->3239 3239->3242 3240 4034cf ReadFile 3240->3246 3241->3242 3243 4034cf ReadFile 3241->3243 3244 4060df WriteFile 3241->3244 3242->3222 3243->3241 3244->3241 3245 4033bd GetTickCount 3245->3246 3246->3240 3246->3242 3246->3245 3247 4033e2 MulDiv wsprintfW 3246->3247 3249 4060df WriteFile 3246->3249 3248 40559f 24 API calls 3247->3248 3248->3246 3249->3246 3251 4063e7 3250->3251 3252 4063f2 RegCreateKeyExW 3251->3252 3253 4024b6 3251->3253 3252->3253 3253->3216 3253->3217 3253->3218 3255 4060b0 ReadFile 3254->3255 3256 403306 3255->3256 3256->3236 3256->3237 3256->3242 3257->3232 4195 40498a 4196 4049b6 4195->4196 4197 4049c7 4195->4197 4256 405b81 GetDlgItemTextW 4196->4256 4198 4049d3 GetDlgItem 4197->4198 4205 404a32 4197->4205 4201 4049e7 4198->4201 4200 4049c1 4203 4067c4 5 API calls 4200->4203 4204 4049fb SetWindowTextW 4201->4204 4208 405eb7 4 API calls 4201->4208 4202 404b16 4254 404cc5 4202->4254 4258 405b81 GetDlgItemTextW 4202->4258 4203->4197 4209 404499 18 API calls 4204->4209 4205->4202 4210 40657a 17 API calls 4205->4210 4205->4254 4207 404500 8 API calls 4212 404cd9 4207->4212 4213 4049f1 4208->4213 4214 404a17 4209->4214 4215 404aa6 SHBrowseForFolderW 4210->4215 4211 404b46 4216 405f14 18 API calls 4211->4216 4213->4204 4220 405e0c 3 API calls 4213->4220 4217 404499 18 API calls 4214->4217 4215->4202 4218 404abe CoTaskMemFree 4215->4218 4219 404b4c 4216->4219 4221 404a25 4217->4221 4222 405e0c 3 API calls 4218->4222 4259 40653d lstrcpynW 4219->4259 4220->4204 4257 4044ce SendMessageW 4221->4257 4224 404acb 4222->4224 4227 404b02 SetDlgItemTextW 4224->4227 4231 40657a 17 API calls 
4224->4231 4226 404a2b 4229 40690a 5 API calls 4226->4229 4227->4202 4228 404b63 4230 40690a 5 API calls 4228->4230 4229->4205 4242 404b6a 4230->4242 4232 404aea lstrcmpiW 4231->4232 4232->4227 4234 404afb lstrcatW 4232->4234 4233 404bab 4260 40653d lstrcpynW 4233->4260 4234->4227 4236 404bb2 4237 405eb7 4 API calls 4236->4237 4238 404bb8 GetDiskFreeSpaceW 4237->4238 4240 404bdc MulDiv 4238->4240 4244 404c03 4238->4244 4240->4244 4241 405e58 2 API calls 4241->4242 4242->4233 4242->4241 4242->4244 4243 404c74 4246 404c97 4243->4246 4248 40140b 2 API calls 4243->4248 4244->4243 4245 404e0f 20 API calls 4244->4245 4247 404c61 4245->4247 4261 4044bb KiUserCallbackDispatcher 4246->4261 4249 404c76 SetDlgItemTextW 4247->4249 4250 404c66 4247->4250 4248->4246 4249->4243 4252 404d46 20 API calls 4250->4252 4252->4243 4253 404cb3 4253->4254 4255 4048e3 SendMessageW 4253->4255 4254->4207 4255->4254 4256->4200 4257->4226 4258->4211 4259->4228 4260->4236 4261->4253 4262 40290b 4263 402da6 17 API calls 4262->4263 4264 402912 FindFirstFileW 4263->4264 4265 40293a 4264->4265 4268 402925 4264->4268 4270 406484 wsprintfW 4265->4270 4267 402943 4271 40653d lstrcpynW 4267->4271 4270->4267 4271->4268 4272 40190c 4273 401943 4272->4273 4274 402da6 17 API calls 4273->4274 4275 401948 4274->4275 4276 405c49 67 API calls 4275->4276 4277 401951 4276->4277 4278 40190f 4279 402da6 17 API calls 4278->4279 4280 401916 4279->4280 4281 405b9d MessageBoxIndirectW 4280->4281 4282 40191f 4281->4282 4283 401491 4284 40559f 24 API calls 4283->4284 4285 401498 4284->4285 4286 402891 4287 402898 4286->4287 4290 402ba9 4286->4290 4288 402d84 17 API calls 4287->4288 4289 40289f 4288->4289 4291 4028ae SetFilePointer 4289->4291 4291->4290 4292 4028be 4291->4292 4294 406484 wsprintfW 4292->4294 4294->4290 3632 403b12 3633 403b2a 3632->3633 3634 403b1c CloseHandle 3632->3634 3639 403b57 3633->3639 3634->3633 3637 405c49 67 API calls 3638 403b3b 3637->3638 3641 403b65 3639->3641 3640 403b2f 3640->3637 
3641->3640 3642 403b6a FreeLibrary GlobalFree 3641->3642 3642->3640 3642->3642 4295 401f12 4296 402da6 17 API calls 4295->4296 4297 401f18 4296->4297 4298 402da6 17 API calls 4297->4298 4299 401f21 4298->4299 4300 402da6 17 API calls 4299->4300 4301 401f2a 4300->4301 4302 402da6 17 API calls 4301->4302 4303 401f33 4302->4303 4304 401423 24 API calls 4303->4304 4305 401f3a 4304->4305 4312 405b63 ShellExecuteExW 4305->4312 4307 401f82 4308 40292e 4307->4308 4309 4069b5 5 API calls 4307->4309 4310 401f9f CloseHandle 4309->4310 4310->4308 4312->4307 4313 405513 4314 405523 4313->4314 4315 405537 4313->4315 4316 405580 4314->4316 4317 405529 4314->4317 4318 40553f IsWindowVisible 4315->4318 4324 405556 4315->4324 4319 405585 CallWindowProcW 4316->4319 4320 4044e5 SendMessageW 4317->4320 4318->4316 4321 40554c 4318->4321 4322 405533 4319->4322 4320->4322 4323 404e54 5 API calls 4321->4323 4323->4324 4324->4319 4325 404ed4 4 API calls 4324->4325 4325->4316 4326 402f93 4327 402fa5 SetTimer 4326->4327 4328 402fbe 4326->4328 4327->4328 4329 403013 4328->4329 4330 402fd8 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4328->4330 4330->4329 4331 401d17 4332 402d84 17 API calls 4331->4332 4333 401d1d IsWindow 4332->4333 4334 401a20 4333->4334 3674 403f9a 3675 403fb2 3674->3675 3676 404113 3674->3676 3675->3676 3677 403fbe 3675->3677 3678 404164 3676->3678 3679 404124 GetDlgItem GetDlgItem 3676->3679 3681 403fc9 SetWindowPos 3677->3681 3682 403fdc 3677->3682 3680 4041be 3678->3680 3691 401389 2 API calls 3678->3691 3683 404499 18 API calls 3679->3683 3684 4044e5 SendMessageW 3680->3684 3692 40410e 3680->3692 3681->3682 3685 403fe5 ShowWindow 3682->3685 3686 404027 3682->3686 3687 40414e SetClassLongW 3683->3687 3714 4041d0 3684->3714 3693 404100 3685->3693 3694 404005 GetWindowLongW 3685->3694 3688 404046 3686->3688 3689 40402f DestroyWindow 3686->3689 3690 40140b 2 API calls 3687->3690 3696 40404b SetWindowLongW 3688->3696 3697 40405c 3688->3697 3695 404422 3689->3695 
3690->3678 3698 404196 3691->3698 3756 404500 3693->3756 3694->3693 3700 40401e ShowWindow 3694->3700 3695->3692 3707 404453 ShowWindow 3695->3707 3696->3692 3697->3693 3701 404068 GetDlgItem 3697->3701 3698->3680 3702 40419a SendMessageW 3698->3702 3700->3686 3705 404096 3701->3705 3706 404079 SendMessageW IsWindowEnabled 3701->3706 3702->3692 3703 40140b 2 API calls 3703->3714 3704 404424 DestroyWindow KiUserCallbackDispatcher 3704->3695 3709 4040a3 3705->3709 3711 4040ea SendMessageW 3705->3711 3712 4040b6 3705->3712 3721 40409b 3705->3721 3706->3692 3706->3705 3707->3692 3708 40657a 17 API calls 3708->3714 3709->3711 3709->3721 3711->3693 3715 4040d3 3712->3715 3716 4040be 3712->3716 3713 4040d1 3713->3693 3714->3692 3714->3703 3714->3704 3714->3708 3717 404499 18 API calls 3714->3717 3738 404364 DestroyWindow 3714->3738 3747 404499 3714->3747 3718 40140b 2 API calls 3715->3718 3719 40140b 2 API calls 3716->3719 3717->3714 3720 4040da 3718->3720 3719->3721 3720->3693 3720->3721 3753 404472 3721->3753 3723 40424b GetDlgItem 3724 404260 3723->3724 3725 404268 ShowWindow KiUserCallbackDispatcher 3723->3725 3724->3725 3750 4044bb KiUserCallbackDispatcher 3725->3750 3727 404292 EnableWindow 3732 4042a6 3727->3732 3728 4042ab GetSystemMenu EnableMenuItem SendMessageW 3729 4042db SendMessageW 3728->3729 3728->3732 3729->3732 3731 403f7b 18 API calls 3731->3732 3732->3728 3732->3731 3751 4044ce SendMessageW 3732->3751 3752 40653d lstrcpynW 3732->3752 3734 40430a lstrlenW 3735 40657a 17 API calls 3734->3735 3736 404320 SetWindowTextW 3735->3736 3737 401389 2 API calls 3736->3737 3737->3714 3738->3695 3739 40437e CreateDialogParamW 3738->3739 3739->3695 3740 4043b1 3739->3740 3741 404499 18 API calls 3740->3741 3742 4043bc GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3741->3742 3743 401389 2 API calls 3742->3743 3744 404402 3743->3744 3744->3692 3745 40440a ShowWindow 3744->3745 3746 4044e5 SendMessageW 3745->3746 3746->3695 3748 40657a 17 API calls 3747->3748 
3749 4044a4 SetDlgItemTextW 3748->3749 3749->3723 3750->3727 3751->3732 3752->3734 3754 404479 3753->3754 3755 40447f SendMessageW 3753->3755 3754->3755 3755->3713 3757 4045c3 3756->3757 3758 404518 GetWindowLongW 3756->3758 3757->3692 3758->3757 3759 40452d 3758->3759 3759->3757 3760 40455a GetSysColor 3759->3760 3761 40455d 3759->3761 3760->3761 3762 404563 SetTextColor 3761->3762 3763 40456d SetBkMode 3761->3763 3762->3763 3764 404585 GetSysColor 3763->3764 3765 40458b 3763->3765 3764->3765 3766 404592 SetBkColor 3765->3766 3767 40459c 3765->3767 3766->3767 3767->3757 3768 4045b6 CreateBrushIndirect 3767->3768 3769 4045af DeleteObject 3767->3769 3768->3757 3769->3768 3770 401b9b 3771 401ba8 3770->3771 3772 401bec 3770->3772 3777 401c31 3771->3777 3778 401bbf 3771->3778 3773 401bf1 3772->3773 3774 401c16 GlobalAlloc 3772->3774 3779 40239d 3773->3779 3789 40653d lstrcpynW 3773->3789 3775 40657a 17 API calls 3774->3775 3775->3777 3776 40657a 17 API calls 3780 402397 3776->3780 3777->3776 3777->3779 3790 40653d lstrcpynW 3778->3790 3785 405b9d MessageBoxIndirectW 3780->3785 3783 401c03 GlobalFree 3783->3779 3784 401bce 3791 40653d lstrcpynW 3784->3791 3785->3779 3787 401bdd 3792 40653d lstrcpynW 3787->3792 3789->3783 3790->3784 3791->3787 3792->3779 4335 40261c 4336 402da6 17 API calls 4335->4336 4337 402623 4336->4337 4340 40602d GetFileAttributesW CreateFileW 4337->4340 4339 40262f 4340->4339 4341 40149e 4342 4014ac PostQuitMessage 4341->4342 4343 40239d 4341->4343 4342->4343 4344 40259e 4345 402de6 17 API calls 4344->4345 4346 4025a8 4345->4346 4347 402d84 17 API calls 4346->4347 4348 4025b1 4347->4348 4349 4025d9 RegEnumValueW 4348->4349 4350 4025cd RegEnumKeyW 4348->4350 4352 40292e 4348->4352 4351 4025ee RegCloseKey 4349->4351 4350->4351 4351->4352 4354 4015a3 4355 402da6 17 API calls 4354->4355 4356 4015aa SetFileAttributesW 4355->4356 4357 4015bc 4356->4357 3181 401fa4 3182 402da6 17 API calls 3181->3182 3183 401faa 3182->3183 3184 40559f 24 API calls 
3183->3184 3185 401fb4 3184->3185 3196 405b20 CreateProcessW 3185->3196 3188 40292e 3191 401fcf 3192 401fd4 3191->3192 3193 401fdf 3191->3193 3204 406484 wsprintfW 3192->3204 3195 401fdd CloseHandle 3193->3195 3195->3188 3197 405b53 CloseHandle 3196->3197 3198 401fba 3196->3198 3197->3198 3198->3188 3198->3195 3199 4069b5 WaitForSingleObject 3198->3199 3200 4069cf 3199->3200 3201 4069e1 GetExitCodeProcess 3200->3201 3205 406946 3200->3205 3201->3191 3204->3195 3206 406963 PeekMessageW 3205->3206 3207 406973 WaitForSingleObject 3206->3207 3208 406959 DispatchMessageW 3206->3208 3207->3200 3208->3206 3258 4021aa 3259 402da6 17 API calls 3258->3259 3260 4021b1 3259->3260 3261 402da6 17 API calls 3260->3261 3262 4021bb 3261->3262 3263 402da6 17 API calls 3262->3263 3264 4021c5 3263->3264 3265 402da6 17 API calls 3264->3265 3266 4021cf 3265->3266 3267 402da6 17 API calls 3266->3267 3268 4021d9 3267->3268 3269 402218 CoCreateInstance 3268->3269 3270 402da6 17 API calls 3268->3270 3273 402237 3269->3273 3270->3269 3271 401423 24 API calls 3272 4022f6 3271->3272 3273->3271 3273->3272 3274 40252a 3285 402de6 3274->3285 3277 402da6 17 API calls 3278 40253d 3277->3278 3279 402548 RegQueryValueExW 3278->3279 3284 40292e 3278->3284 3280 40256e RegCloseKey 3279->3280 3281 402568 3279->3281 3280->3284 3281->3280 3290 406484 wsprintfW 3281->3290 3286 402da6 17 API calls 3285->3286 3287 402dfd 3286->3287 3288 4063aa RegOpenKeyExW 3287->3288 3289 402534 3288->3289 3289->3277 3290->3280 4358 40202a 4359 402da6 17 API calls 4358->4359 4360 402031 4359->4360 4361 40690a 5 API calls 4360->4361 4362 402040 4361->4362 4363 40205c GlobalAlloc 4362->4363 4366 4020cc 4362->4366 4364 402070 4363->4364 4363->4366 4365 40690a 5 API calls 4364->4365 4367 402077 4365->4367 4368 40690a 5 API calls 4367->4368 4369 402081 4368->4369 4369->4366 4373 406484 wsprintfW 4369->4373 4371 4020ba 4374 406484 wsprintfW 4371->4374 4373->4371 4374->4366 4375 403baa 4376 403bb5 4375->4376 4377 403bb9 4376->4377 
4378 403bbc GlobalAlloc 4376->4378 4378->4377 3315 40352d SetErrorMode GetVersionExW 3316 4035b7 3315->3316 3317 40357f GetVersionExW 3315->3317 3318 403610 3316->3318 3319 40690a 5 API calls 3316->3319 3317->3316 3320 40689a 3 API calls 3318->3320 3319->3318 3321 403626 lstrlenA 3320->3321 3321->3318 3322 403636 3321->3322 3323 40690a 5 API calls 3322->3323 3324 40363d 3323->3324 3325 40690a 5 API calls 3324->3325 3326 403644 3325->3326 3327 40690a 5 API calls 3326->3327 3331 403650 #17 OleInitialize SHGetFileInfoW 3327->3331 3330 40369d GetCommandLineW 3406 40653d lstrcpynW 3330->3406 3405 40653d lstrcpynW 3331->3405 3333 4036af 3334 405e39 CharNextW 3333->3334 3335 4036d5 CharNextW 3334->3335 3347 4036e6 3335->3347 3336 4037e4 3337 4037f8 GetTempPathW 3336->3337 3407 4034fc 3337->3407 3339 403810 3341 403814 GetWindowsDirectoryW lstrcatW 3339->3341 3342 40386a DeleteFileW 3339->3342 3340 405e39 CharNextW 3340->3347 3343 4034fc 12 API calls 3341->3343 3417 40307d GetTickCount GetModuleFileNameW 3342->3417 3345 403830 3343->3345 3345->3342 3348 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3345->3348 3346 40387d 3350 403a59 ExitProcess OleUninitialize 3346->3350 3352 403932 3346->3352 3360 405e39 CharNextW 3346->3360 3347->3336 3347->3340 3349 4037e6 3347->3349 3351 4034fc 12 API calls 3348->3351 3501 40653d lstrcpynW 3349->3501 3354 403a69 3350->3354 3355 403a7e 3350->3355 3359 403862 3351->3359 3445 403bec 3352->3445 3506 405b9d 3354->3506 3357 403a86 GetCurrentProcess OpenProcessToken 3355->3357 3358 403afc ExitProcess 3355->3358 3363 403acc 3357->3363 3364 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 3357->3364 3359->3342 3359->3350 3374 40389f 3360->3374 3367 40690a 5 API calls 3363->3367 3364->3363 3365 403941 3365->3350 3370 403ad3 3367->3370 3368 403908 3371 405f14 18 API calls 3368->3371 3369 403949 3373 405b08 5 API calls 3369->3373 3372 403ae8 ExitWindowsEx 3370->3372 3376 403af5 3370->3376 3375 403914 3371->3375 
3372->3358 3372->3376 3377 40394e lstrcatW 3373->3377 3374->3368 3374->3369 3375->3350 3502 40653d lstrcpynW 3375->3502 3510 40140b 3376->3510 3378 40396a lstrcatW lstrcmpiW 3377->3378 3379 40395f lstrcatW 3377->3379 3378->3365 3381 40398a 3378->3381 3379->3378 3383 403996 3381->3383 3384 40398f 3381->3384 3387 405aeb 2 API calls 3383->3387 3386 405a6e 4 API calls 3384->3386 3385 403927 3503 40653d lstrcpynW 3385->3503 3389 403994 3386->3389 3390 40399b SetCurrentDirectoryW 3387->3390 3389->3390 3391 4039b8 3390->3391 3392 4039ad 3390->3392 3505 40653d lstrcpynW 3391->3505 3504 40653d lstrcpynW 3392->3504 3395 40657a 17 API calls 3396 4039fa DeleteFileW 3395->3396 3397 403a06 CopyFileW 3396->3397 3402 4039c5 3396->3402 3397->3402 3398 403a50 3400 4062fd 36 API calls 3398->3400 3399 4062fd 36 API calls 3399->3402 3400->3365 3401 40657a 17 API calls 3401->3402 3402->3395 3402->3398 3402->3399 3402->3401 3403 405b20 2 API calls 3402->3403 3404 403a3a CloseHandle 3402->3404 3403->3402 3404->3402 3405->3330 3406->3333 3408 4067c4 5 API calls 3407->3408 3410 403508 3408->3410 3409 403512 3409->3339 3410->3409 3411 405e0c 3 API calls 3410->3411 3412 40351a 3411->3412 3413 405aeb 2 API calls 3412->3413 3414 403520 3413->3414 3513 40605c 3414->3513 3517 40602d GetFileAttributesW CreateFileW 3417->3517 3419 4030bd 3437 4030cd 3419->3437 3518 40653d lstrcpynW 3419->3518 3421 4030e3 3422 405e58 2 API calls 3421->3422 3423 4030e9 3422->3423 3519 40653d lstrcpynW 3423->3519 3425 4030f4 GetFileSize 3426 4031ee 3425->3426 3444 40310b 3425->3444 3520 403019 3426->3520 3428 4031f7 3430 403227 GlobalAlloc 3428->3430 3428->3437 3532 4034e5 SetFilePointer 3428->3532 3429 4034cf ReadFile 3429->3444 3531 4034e5 SetFilePointer 3430->3531 3432 40325a 3434 403019 6 API calls 3432->3434 3434->3437 3435 403210 3438 4034cf ReadFile 3435->3438 3436 403242 3439 4032b4 31 API calls 3436->3439 3437->3346 3440 40321b 3438->3440 3442 40324e 3439->3442 3440->3430 3440->3437 3441 403019 6 API calls 
3441->3444 3442->3437 3442->3442 3443 40328b SetFilePointer 3442->3443 3443->3437 3444->3426 3444->3429 3444->3432 3444->3437 3444->3441 3446 40690a 5 API calls 3445->3446 3447 403c00 3446->3447 3448 403c06 3447->3448 3449 403c18 3447->3449 3548 406484 wsprintfW 3448->3548 3450 40640b 3 API calls 3449->3450 3451 403c48 3450->3451 3453 403c67 lstrcatW 3451->3453 3455 40640b 3 API calls 3451->3455 3454 403c16 3453->3454 3533 403ec2 3454->3533 3455->3453 3458 405f14 18 API calls 3459 403c99 3458->3459 3460 403d2d 3459->3460 3462 40640b 3 API calls 3459->3462 3461 405f14 18 API calls 3460->3461 3463 403d33 3461->3463 3464 403ccb 3462->3464 3465 403d43 LoadImageW 3463->3465 3466 40657a 17 API calls 3463->3466 3464->3460 3469 403cec lstrlenW 3464->3469 3472 405e39 CharNextW 3464->3472 3467 403de9 3465->3467 3468 403d6a RegisterClassW 3465->3468 3466->3465 3471 40140b 2 API calls 3467->3471 3470 403da0 SystemParametersInfoW CreateWindowExW 3468->3470 3500 403df3 3468->3500 3473 403d20 3469->3473 3474 403cfa lstrcmpiW 3469->3474 3470->3467 3478 403def 3471->3478 3476 403ce9 3472->3476 3475 405e0c 3 API calls 3473->3475 3474->3473 3477 403d0a GetFileAttributesW 3474->3477 3480 403d26 3475->3480 3476->3469 3481 403d16 3477->3481 3479 403ec2 18 API calls 3478->3479 3478->3500 3482 403e00 3479->3482 3549 40653d lstrcpynW 3480->3549 3481->3473 3484 405e58 2 API calls 3481->3484 3485 403e0c ShowWindow 3482->3485 3486 403e8f 3482->3486 3484->3473 3488 40689a 3 API calls 3485->3488 3541 405672 OleInitialize 3486->3541 3490 403e24 3488->3490 3489 403e95 3491 403eb1 3489->3491 3492 403e99 3489->3492 3493 403e32 GetClassInfoW 3490->3493 3495 40689a 3 API calls 3490->3495 3494 40140b 2 API calls 3491->3494 3498 40140b 2 API calls 3492->3498 3492->3500 3496 403e46 GetClassInfoW RegisterClassW 3493->3496 3497 403e5c DialogBoxParamW 3493->3497 3494->3500 3495->3493 3496->3497 3499 40140b 2 API calls 3497->3499 3498->3500 3499->3500 3500->3365 3501->3337 3502->3385 3503->3352 3504->3391 

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00008001), ref: 00403550
                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 00403579
                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(0000011C), ref: 00403590
                                                                                                                                                                                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
                                                                                                                                                                                                                  • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
                                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 0040366A
                                                                                                                                                                                                                  • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
                                                                                                                                                                                                                  • GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
                                                                                                                                                                                                                  • CharNextW.USER32(00000000,"C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348,00000020,"C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348,00000000), ref: 004036D6
                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
                                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
                                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(1033), ref: 0040386F
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
                                                                                                                                                                                                                    • Part of subcall function 00405AEB: CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348,00000000,?), ref: 0040397C
                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
                                                                                                                                                                                                                  • CopyFileW.KERNEL32(C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,0042AA28,00000001), ref: 00403A0E
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                                                                                                                                                                                                                  • ExitProcess.KERNEL32(?), ref: 00403A59
                                                                                                                                                                                                                  • OleUninitialize.OLE32(?), ref: 00403A5E
                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403A78
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                                                                                                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403B0C
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                                                                  • String ID: "C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348$&dsk_iosec=64503&dsk_mbsec=251&os_name=Microsoft Windows 10 Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_archi$.tmp$1033$C:\Program Files (x86)\Fast!$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\FAST!\Temp$C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe$C:\Users\user\AppData\Local\Temp\$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                  • API String ID: 2292928366-1078102288
                                                                                                                                                                                                                  • Opcode ID: 31f77c8a8b3a3ad3f5f74e486622c6887c952165384ea8b63ade3724d5224d7f
                                                                                                                                                                                                                  • Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31f77c8a8b3a3ad3f5f74e486622c6887c952165384ea8b63ade3724d5224d7f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\*.*,\*.*), ref: 00405CBA
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                  • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\*.*$\*.*
                                                                                                                                                                                                                  • API String ID: 2035342205-311556201
                                                                                                                                                                                                                  • Opcode ID: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                                                                  • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(74DF3420,004302B8,C:\,00405F5D,C:\,C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                  • String ID: C:\
                                                                                                                                                                                                                  • API String ID: 2295610775-3404278061
                                                                                                                                                                                                                  • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                  • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00405788
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                                                                                                                                                    • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004058B3
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                                                                                                                  • ShowWindow.USER32(00020440,00000008), ref: 004058DC
                                                                                                                                                                                                                  • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                                                                                                                  • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 00405A61
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                  • String ID: {
                                                                                                                                                                                                                  • API String ID: 590372296-366298937
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                                                                                                                  • DestroyWindow.USER32 ref: 00404035
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                                                                                                                  • EnableWindow.USER32(?,?), ref: 0040429C
                                                                                                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 121052019-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                    • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Fast!,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,74DF3420), ref: 00403CED
                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Fast!,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(Remove folder: ,?,00000000,?), ref: 00403D0B
                                                                                                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\Fast!), ref: 00403D54
                                                                                                                                                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                                                                                                                                                  • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                                                                                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                  • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                  • API String ID: 1975747703-2050065429
                                                                                                                                                                                                                  • Opcode ID: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
                                                                                                                                                                                                                  • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 373 40307d-4030cb GetTickCount GetModuleFileNameW call 40602d 376 4030d7-403105 call 40653d call 405e58 call 40653d GetFileSize 373->376 377 4030cd-4030d2 373->377 385 4031f0-4031fe call 403019 376->385 386 40310b 376->386 378 4032ad-4032b1 377->378 392 403200-403203 385->392 393 403253-403258 385->393 388 403110-403127 386->388 390 403129 388->390 391 40312b-403134 call 4034cf 388->391 390->391 399 40325a-403262 call 403019 391->399 400 40313a-403141 391->400 395 403205-40321d call 4034e5 call 4034cf 392->395 396 403227-403251 GlobalAlloc call 4034e5 call 4032b4 392->396 393->378 395->393 419 40321f-403225 395->419 396->393 424 403264-403275 396->424 399->393 404 403143-403157 call 405fe8 400->404 405 4031bd-4031c1 400->405 410 4031cb-4031d1 404->410 422 403159-403160 404->422 409 4031c3-4031ca call 403019 405->409 405->410 409->410 415 4031e0-4031e8 410->415 416 4031d3-4031dd call 4069f7 410->416 415->388 423 4031ee 415->423 416->415 419->393 419->396 422->410 428 403162-403169 422->428 423->385 425 403277 424->425 426 40327d-403282 424->426 425->426 429 403283-403289 426->429 428->410 430 40316b-403172 428->430 429->429 431 40328b-4032a6 SetFilePointer call 405fe8 429->431 430->410 432 403174-40317b 430->432 436 4032ab 431->436 432->410 433 40317d-40319d 432->433 433->393 435 4031a3-4031a7 433->435 437 4031a9-4031ad 435->437 438 4031af-4031b7 435->438 436->378 437->423 437->438 438->410 439 4031b9-4031bb 438->439 439->410
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                                                                                                                    • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                    • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\FAST!\Temp$C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe$C:\Users\user\AppData\Local\Temp\$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                                                                                                                                                  • API String ID: 2803837635-1847466501
                                                                                                                                                                                                                  • Opcode ID: 1dea39ccc6c39406b0d997d68cfd0a58dedaebe218e2b7937ece93c5b698421c
                                                                                                                                                                                                                  • Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1dea39ccc6c39406b0d997d68cfd0a58dedaebe218e2b7937ece93c5b698421c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 504 40657a-406585 505 406587-406596 504->505 506 406598-4065ae 504->506 505->506 507 4065b0-4065bd 506->507 508 4065c6-4065cf 506->508 507->508 509 4065bf-4065c2 507->509 510 4065d5 508->510 511 4067aa-4067b5 508->511 509->508 512 4065da-4065e7 510->512 513 4067c0-4067c1 511->513 514 4067b7-4067bb call 40653d 511->514 512->511 515 4065ed-4065f6 512->515 514->513 517 406788 515->517 518 4065fc-406639 515->518 521 406796-406799 517->521 522 40678a-406794 517->522 519 40672c-406731 518->519 520 40663f-406646 518->520 526 406733-406739 519->526 527 406764-406769 519->527 523 406648-40664a 520->523 524 40664b-40664d 520->524 525 40679b-4067a4 521->525 522->525 523->524 528 40668a-40668d 524->528 529 40664f-40666d call 40640b 524->529 525->511 532 4065d7 525->532 533 406749-406755 call 40653d 526->533 534 40673b-406747 call 406484 526->534 530 406778-406786 lstrlenW 527->530 531 40676b-406773 call 40657a 527->531 538 40669d-4066a0 528->538 539 40668f-40669b GetSystemDirectoryW 528->539 543 406672-406676 529->543 530->525 531->530 532->512 542 40675a-406760 533->542 534->542 545 4066a2-4066b0 GetWindowsDirectoryW 538->545 546 406709-40670b 538->546 544 40670d-406711 539->544 542->530 547 406762 542->547 549 406713-406717 543->549 550 40667c-406685 call 40657a 543->550 544->549 551 406724-40672a call 4067c4 544->551 545->546 546->544 548 4066b2-4066ba 546->548 547->551 555 4066d1-4066e7 SHGetSpecialFolderLocation 548->555 556 4066bc-4066c5 548->556 549->551 552 406719-40671f lstrcatW 549->552 550->544 551->530 552->551 557 406705 555->557 558 4066e9-406703 SHGetPathFromIDListW CoTaskMemFree 555->558 561 4066cd-4066cf 556->561 557->546 558->544 558->557 561->544 561->555
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 00406695
                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00000400,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000,00000000,00425E0F,74DF23A0), ref: 004066A8
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                                                                  • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                  • API String ID: 4260037668-3228361814
                                                                                                                                                                                                                  • Opcode ID: c06be4e573324e40d3b735838f303e9f3324c9f348604da111048893f4ce4833
                                                                                                                                                                                                                  • Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c06be4e573324e40d3b735838f303e9f3324c9f348604da111048893f4ce4833
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 562 4032b4-4032cb 563 4032d4-4032dd 562->563 564 4032cd 562->564 565 4032e6-4032eb 563->565 566 4032df 563->566 564->563 567 4032fb-403308 call 4034cf 565->567 568 4032ed-4032f6 call 4034e5 565->568 566->565 572 4034bd 567->572 573 40330e-403312 567->573 568->567 574 4034bf-4034c0 572->574 575 403468-40346a 573->575 576 403318-403361 GetTickCount 573->576 579 4034c8-4034cc 574->579 577 4034aa-4034ad 575->577 578 40346c-40346f 575->578 580 4034c5 576->580 581 403367-40336f 576->581 585 4034b2-4034bb call 4034cf 577->585 586 4034af 577->586 578->580 582 403471 578->582 580->579 583 403371 581->583 584 403374-403382 call 4034cf 581->584 588 403474-40347a 582->588 583->584 584->572 596 403388-403391 584->596 585->572 594 4034c2 585->594 586->585 591 40347c 588->591 592 40347e-40348c call 4034cf 588->592 591->592 592->572 599 40348e-403493 call 4060df 592->599 594->580 598 403397-4033b7 call 406a65 596->598 604 403460-403462 598->604 605 4033bd-4033d0 GetTickCount 598->605 603 403498-40349a 599->603 606 403464-403466 603->606 607 40349c-4034a6 603->607 604->574 608 4033d2-4033da 605->608 609 40341b-40341d 605->609 606->574 607->588 614 4034a8 607->614 610 4033e2-403413 MulDiv wsprintfW call 40559f 608->610 611 4033dc-4033e0 608->611 612 403454-403458 609->612 613 40341f-403423 609->613 619 403418 610->619 611->609 611->610 612->581 618 40345e 612->618 616 403425-40342c call 4060df 613->616 617 40343a-403445 613->617 614->580 622 403431-403433 616->622 621 403448-40344c 617->621 618->580 619->609 621->598 623 403452 621->623 622->606 624 403435-403438 622->624 623->580 624->621
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CountTick$wsprintf
                                                                                                                                                                                                                  • String ID: *B$ A$ A$... %d%%$}8@
                                                                                                                                                                                                                  • API String ID: 551687249-3029848762
                                                                                                                                                                                                                  • Opcode ID: dac142f1bd8b58d46ec5ce0932f2b3f247fbee8c78603e198082076923a37247
                                                                                                                                                                                                                  • Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dac142f1bd8b58d46ec5ce0932f2b3f247fbee8c78603e198082076923a37247
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 625 40176f-401794 call 402da6 call 405e83 630 401796-40179c call 40653d 625->630 631 40179e-4017b0 call 40653d call 405e0c lstrcatW 625->631 636 4017b5-4017b6 call 4067c4 630->636 631->636 640 4017bb-4017bf 636->640 641 4017c1-4017cb call 406873 640->641 642 4017f2-4017f5 640->642 649 4017dd-4017ef 641->649 650 4017cd-4017db CompareFileTime 641->650 643 4017f7-4017f8 call 406008 642->643 644 4017fd-401819 call 40602d 642->644 643->644 652 40181b-40181e 644->652 653 40188d-4018b6 call 40559f call 4032b4 644->653 649->642 650->649 654 401820-40185e call 40653d * 2 call 40657a call 40653d call 405b9d 652->654 655 40186f-401879 call 40559f 652->655 665 4018b8-4018bc 653->665 666 4018be-4018ca SetFileTime 653->666 654->640 687 401864-401865 654->687 667 401882-401888 655->667 665->666 669 4018d0-4018db FindCloseChangeNotification 665->669 666->669 670 402c33 667->670 673 4018e1-4018e4 669->673 674 402c2a-402c2d 669->674 675 402c35-402c39 670->675 677 4018e6-4018f7 call 40657a lstrcatW 673->677 678 4018f9-4018fc call 40657a 673->678 674->670 684 401901-4023a2 call 405b9d 677->684 678->684 684->674 684->675 687->667 689 401867-401868 687->689 689->655
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,get,get,00000000,00000000,get,C:\Program Files (x86)\Fast!,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                    • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\), ref: 0040560C
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\FAST!\Temp\$C:\Users\user\AppData\Local\Temp\nsv93CA.tmp$get
                                                                                                                                                                                                                  • API String ID: 1941528284-2451353451
                                                                                                                                                                                                                  • Opcode ID: ab293c35546dfc3782223427498d6aa4f9bfee0ec5176a09a0fb6643c1be96c6
                                                                                                                                                                                                                  • Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab293c35546dfc3782223427498d6aa4f9bfee0ec5176a09a0fb6643c1be96c6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 691 40559f-4055b4 692 4055ba-4055cb 691->692 693 40566b-40566f 691->693 694 4055d6-4055e2 lstrlenW 692->694 695 4055cd-4055d1 call 40657a 692->695 697 4055e4-4055f4 lstrlenW 694->697 698 4055ff-405603 694->698 695->694 697->693 699 4055f6-4055fa lstrcatW 697->699 700 405612-405616 698->700 701 405605-40560c SetWindowTextW 698->701 699->698 702 405618-40565a SendMessageW * 3 700->702 703 40565c-40565e 700->703 701->700 702->703 703->693 704 405660-405663 703->704 704->693
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                  • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\), ref: 0040560C
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                                                  • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\
                                                                                                                                                                                                                  • API String ID: 1495540970-2289707451
                                                                                                                                                                                                                  • Opcode ID: 61fc35634f83d303f4bb0fdf458391b4626c4708e393b35bd1b1a29fdfa46634
                                                                                                                                                                                                                  • Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61fc35634f83d303f4bb0fdf458391b4626c4708e393b35bd1b1a29fdfa46634
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                                                                    • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                  • String ID: 9
                                                                                                                                                                                                                  • API String ID: 163830602-2366072709
                                                                                                                                                                                                                  • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                  • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                  • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                  • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                  • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                                                  • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2667972263-0
                                                                                                                                                                                                                  • Opcode ID: 1e4de5253702851df6d0b6f642b82d6f2ecc2e1b33ad35e1f152e248e008f3c4
                                                                                                                                                                                                                  • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e4de5253702851df6d0b6f642b82d6f2ecc2e1b33ad35e1f152e248e008f3c4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 794 405a6e-405ab9 CreateDirectoryW 795 405abb-405abd 794->795 796 405abf-405acc GetLastError 794->796 797 405ae6-405ae8 795->797 796->797 798 405ace-405ae2 SetFileSecurityW 796->798 798->795 799 405ae4 GetLastError 798->799 799->797
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                                                                                                                  • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                  • API String ID: 3449924974-3081826266
                                                                                                                                                                                                                  • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                  • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 800 401c43-401c63 call 402d84 * 2 805 401c65-401c6c call 402da6 800->805 806 401c6f-401c73 800->806 805->806 808 401c75-401c7c call 402da6 806->808 809 401c7f-401c85 806->809 808->809 812 401cd3-401cfd call 402da6 * 2 FindWindowExW 809->812 813 401c87-401ca3 call 402d84 * 2 809->813 823 401d03 812->823 824 401cc3-401cd1 SendMessageW 813->824 825 401ca5-401cc1 SendMessageTimeoutW 813->825 826 401d06-401d09 823->826 824->823 825->826 827 402c2a-402c39 826->827 828 401d0f 826->828 828->827
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                                                                                                  • String ID: !
                                                                                                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                  • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                  • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsv93CA.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                                                                  • RegSetValueExW.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsv93CA.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsv93CA.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseValuelstrlen
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp
                                                                                                                                                                                                                  • API String ID: 2655323295-884601603
                                                                                                                                                                                                                  • Opcode ID: eb1a2893963f699a3576f9d9343ac39c609614edfb45ea7287c3b3745176a0f7
                                                                                                                                                                                                                  • Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb1a2893963f699a3576f9d9343ac39c609614edfb45ea7287c3b3745176a0f7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                  • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                  • API String ID: 3248276644-3049482934
                                                                                                                                                                                                                  • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                  • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                                                                                                                  • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                  • API String ID: 1716503409-678247507
                                                                                                                                                                                                                  • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                                                  • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                    • Part of subcall function 00405A6E: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,C:\Program Files (x86)\Fast!,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Program Files (x86)\Fast!, xrefs: 00401640
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                  • API String ID: 1892508949-1788482285
                                                                                                                                                                                                                  • Opcode ID: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                                                                                                                  • Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Remove folder: ,?,?,00406672,80000002), ref: 00406451
                                                                                                                                                                                                                  • RegCloseKey.KERNEL32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\), ref: 0040645C
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseQueryValue
                                                                                                                                                                                                                  • String ID: Remove folder:
                                                                                                                                                                                                                  • API String ID: 3356406503-1958208860
                                                                                                                                                                                                                  • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                                                  • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,74DF3420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                  • API String ID: 1100898210-3081826266
                                                                                                                                                                                                                  • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                  • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\), ref: 0040560C
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 334405425-0
                                                                                                                                                                                                                  • Opcode ID: 0812a69665cf11e377adb3684f8a171474585e26745252b9346dd4e1bc3f05c7
                                                                                                                                                                                                                  • Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0812a69665cf11e377adb3684f8a171474585e26745252b9346dd4e1bc3f05c7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(046E21C0), ref: 00401C0B
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000804), ref: 00401C1D
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                                                                                                                  • String ID: get
                                                                                                                                                                                                                  • API String ID: 3292104215-4248514160
                                                                                                                                                                                                                  • Opcode ID: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                                                                                                                                                                  • Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00406008: GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                    • Part of subcall function 00406008: SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C1C
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C24
                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C3C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1655745494-0
                                                                                                                                                                                                                  • Opcode ID: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                  • Instruction ID: 0274c5225d47ddc366315f3a2fda4b694ad97aa72442a0e2fcdbaf00fd257d87
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4E0E53110CF9156E61457309E08F5F2AD8EF86715F05493EF892B10C0CBB848068E6A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Program Files (x86)\Fast!, xrefs: 00402269
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateInstance
                                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                  • API String ID: 542301482-1788482285
                                                                                                                                                                                                                  • Opcode ID: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                                                                                                                  • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsv93CA.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseQueryValue
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3356406503-0
                                                                                                                                                                                                                  • Opcode ID: f0203ba3881819d7b9bb9119f6d82b13770a830527b7165a928350ff739dcab4
                                                                                                                                                                                                                  • Instruction ID: 3e5dab0bbcc9b7b4348569693e39c51bc0b27c59e8ea0ed6abb05ebc10b9b344
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0203ba3881819d7b9bb9119f6d82b13770a830527b7165a928350ff739dcab4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F116D71900219EADF14DFA4DA589AE77B4FF04345B20443BE401B62C0E7B88A45EB5D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                  • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 00405682
                                                                                                                                                                                                                    • Part of subcall function 004044E5: SendMessageW.USER32(0002049E,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                  • OleUninitialize.OLE32(00000404,00000000,?,00000000,?), ref: 004056CE
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2896919175-0
                                                                                                                                                                                                                  • Opcode ID: 373f90d4a1babe4f1a04baa381ba9309e44634cfc63d647d34b32aa976a59a0d
                                                                                                                                                                                                                  • Instruction ID: 6be4ff692d487ef8b3e25caebddd25c5d55207980f196ef2193ccf2f8785d180
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 373f90d4a1babe4f1a04baa381ba9309e44634cfc63d647d34b32aa976a59a0d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B3F0F0765006009AE6115B95A901BA677A8EBD4316F49883AEF88632E0CB365C418A1C
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$EnableShow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1136574915-0
                                                                                                                                                                                                                  • Opcode ID: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                                                                                                                                                  • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3712363035-0
                                                                                                                                                                                                                  • Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                                                                                                                  • Instruction ID: 0547baa0b497a95b6ed0e8f273b1969b1ac2c9598ef2001c301bcde660c6e2d6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3EE092B4600209BFEB10AB64AE49F7B7AACEB04704F004565BA51E61A1DB78E8158A78
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                    • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                    • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                    • Part of subcall function 0040689A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2547128583-0
                                                                                                                                                                                                                  • Opcode ID: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                                                                                                                  • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                                                                                                  • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                                                  • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                  • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                  • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\, xrefs: 00403B31
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000007.00000002.2385652791.0000000000400000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                  • Associated: 00000007.00000002.2385730689.0000000000408000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                  • Associated: 00000007.00000002.2385796091.000000000040A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                  • Associated: 00000007.00000002.2385796091.000000000042C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                  • Associated: 00000007.00000002.2385796091.000000000042F000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                  • Associated: 00000007.00000002.2385796091.0000000000431000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                  • Associated: 00000007.00000002.2385796091.0000000000436000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                  • Associated: 00000007.00000002.2385796091.000000000043B000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                  • Associated: 00000007.00000002.2385796091.000000000043E000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                  • Associated: 00000007.00000002.2385796091.0000000000440000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                  • Associated: 00000007.00000002.2385796091.0000000000457000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                  • Associated: 00000007.00000002.2385796091.000000000045A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                  • Associated: 00000007.00000002.2386172762.000000000045B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\
                                                                                                                                                                                                                  • API String ID: 2962429428-702683675
                                                                                                                                                                                                                  • Opcode ID: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                                                                                                                  • Instruction ID: 74b342ff74dc5917d60848dc34610585f5de2c5243f802b65b47dd8438b48b4d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5EC0123050470056D1646F749E4FE153B64AB4073EB600325B0F9B10F1CB3C5759895D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1375471231-0
                                                                                                                                                                                                                  • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                  • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                  • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                  • Instruction ID: ccab944935cfefb85f0e849ce69279fb55db75a3b7fb0960311cd9d36817041a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04E0E6B2010109BFEF095F90DC0AD7B3B1DE704300F01892EFD06D4091E6B5AD306675
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileWrite
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3934441357-0
                                                                                                                                                                                                                  • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                  • Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                                                                                  • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                  • Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Remove folder: ,?), ref: 004063CE
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Open
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 71445658-0
                                                                                                                                                                                                                  • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                  • Instruction ID: 4361357c0318622cec318f667d88df30c4c29b75262f7bca7234b06b46464da2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83D0123210020EBBDF115F91AD01FAB3B5DAB08310F014426FE06E40A1D775D530A764
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • MoveFileExW.KERNEL32(?,?,00000005,00405DFB,?,00000000,000000F1,?,?,?,?,?), ref: 00406307
                                                                                                                                                                                                                    • Part of subcall function 00406183: CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                                                                                                                    • Part of subcall function 00406183: GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                                                                                                                    • Part of subcall function 00406183: GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                                                                                                                    • Part of subcall function 00406183: wsprintfA.USER32 ref: 00406202
                                                                                                                                                                                                                    • Part of subcall function 00406183: GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                                                                                                                    • Part of subcall function 00406183: GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                                                                                                                    • Part of subcall function 00406183: lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                                                                                                                    • Part of subcall function 00406183: SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$NamePathShort$AllocCloseGlobalHandleMovePointerSizelstrcpywsprintf
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1930046112-0
                                                                                                                                                                                                                  • Opcode ID: 8f53434626867040aeaf300899a332654148b257c03f208a35692daf52d65ed0
                                                                                                                                                                                                                  • Instruction ID: 786f9f27e87e5c9ea407ae46cb6f26f26cce76303f9e9442b57226035b255668
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f53434626867040aeaf300899a332654148b257c03f208a35692daf52d65ed0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4AD05232108201BECA011B40ED04A0ABBA2EB84316F11842EF599A40B0EB3280219B09
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,?,00000000), ref: 004044B3
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ItemTextlstrcatlstrlen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 281422827-0
                                                                                                                                                                                                                  • Opcode ID: 90e9d348aac44dd859050291e9807f2f15480ffb268b4e012463b180631e3b26
                                                                                                                                                                                                                  • Instruction ID: 6ac98b26730712a62f5b3967fa7f39b4c61dbbfa6ef1674fce18da22a1fc1fc0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 90e9d348aac44dd859050291e9807f2f15480ffb268b4e012463b180631e3b26
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3C08C35008200BFD641A714EC42F0FB7A8FFA031AF00C42EB05CA10D1C63494208A2A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(0002049E,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                                                                  • Instruction ID: 729772cd993a62bf3dcd5a53f5ba0c6067f9c4589e443fe2cdcdd0dddf41cb53
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74C04CB1740605BADA108B509D45F0677546750701F188429B641A50E0CA74E410D62C
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExecuteShell
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 587946157-0
                                                                                                                                                                                                                  • Opcode ID: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                                                                                                                  • Instruction ID: 155326c85e208380d9db810c36285a9e1b4200be200639c8195ffcf147e959ee
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BEC092B2000200EFE301CF80CB09F067BE8AF54306F028068E185DA060C7788840CB29
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2492992576-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\), ref: 0040560C
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                    • Part of subcall function 00405B20: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                                                    • Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                                                    • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                                                    • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2972824698-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                                                                  • Opcode ID: 0247c60e4c81cd0d93bf07655b107266fb29897d22759340ec027b86c090604d
                                                                                                                                                                                                                  • Instruction ID: 7e4bd3fa72896d3e54e8b4d9ea8ddceac118c8145159a7c2ee745a60f6c60e84
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0247c60e4c81cd0d93bf07655b107266fb29897d22759340ec027b86c090604d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DD0A773B141018BD704EBFCFE8545E73E8EB503293208C37D402E10D1E678C846461C
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                                                                                                                  • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                                                                                                                    • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                  • String ID: $M$N
                                                                                                                                                                                                                  • API String ID: 2564846305-813528018
                                                                                                                                                                                                                  • Opcode ID: 8650db15f8eec7f2c7436ff7bc9e6097db9116c58dec0643669c66b6eab2f928
                                                                                                                                                                                                                  • Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8650db15f8eec7f2c7436ff7bc9e6097db9116c58dec0643669c66b6eab2f928
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 00404738
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                  • String ID: N$Remove folder:
                                                                                                                                                                                                                  • API String ID: 3103080414-3051863454
                                                                                                                                                                                                                  • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                                                                  • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                  • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                  • String ID: F
                                                                                                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                                                                                                  • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                                                  • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(Remove folder: ,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404AFD
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                                                                                                                                                    • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                                                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                    • Part of subcall function 004067C4: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                                                                                                                    • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                    • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                    • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                  • String ID: A$C:\Program Files (x86)\Fast!$Remove folder:
                                                                                                                                                                                                                  • API String ID: 2624150263-1220325781
                                                                                                                                                                                                                  • Opcode ID: fab986b41fe51bcb83dfe55d65232c7215597a26c5e3df290e301c6af6088bb7
                                                                                                                                                                                                                  • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fab986b41fe51bcb83dfe55d65232c7215597a26c5e3df290e301c6af6088bb7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                                                                                                                    • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                    • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00406202
                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                                                                                                                    • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                    • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                  • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                                  • API String ID: 2171350718-461813615
                                                                                                                                                                                                                  • Opcode ID: 8d52cae6b0df5babf044fe540a8f61f10365d92318d6db6e700b5564579bcd37
                                                                                                                                                                                                                  • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d52cae6b0df5babf044fe540a8f61f10365d92318d6db6e700b5564579bcd37
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                                                                                                                  • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 00404586
                                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                                                                                                  • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                  • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                  • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                  • CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                  • CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                                                                                                  • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                  • API String ID: 589700163-4010320282
                                                                                                                                                                                                                  • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                                                  • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                                                                                                                  • GetMessagePos.USER32 ref: 00404E77
                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                  • String ID: f
                                                                                                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                                                                                                  • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                  • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsv93CA.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                                                                  • String ID: MS Shell Dlg
                                                                                                                                                                                                                  • API String ID: 2584051700-76309092
                                                                                                                                                                                                                  • Opcode ID: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
                                                                                                                                                                                                                  • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                                                  • MulDiv.KERNEL32(07CF3DC5,00000064,07CF6B30), ref: 00402FDC
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00402FEC
                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                  • String ID: verifying installer: %d%%
                                                                                                                                                                                                                  • API String ID: 1451636040-82062127
                                                                                                                                                                                                                  • Opcode ID: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                                                                                                                  • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1354259210-0
                                                                                                                                                                                                                  • Opcode ID: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                                                                                                                                                  • Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                                                                                                  • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                                                                                                  • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                                                  • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                  • String ID: %u.%u%s%s
                                                                                                                                                                                                                  • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                  • Opcode ID: ef5a487acd93c416279d422af54232d8d0333c49029b07dfc4f1175e68c26d0a
                                                                                                                                                                                                                  • Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef5a487acd93c416279d422af54232d8d0333c49029b07dfc4f1175e68c26d0a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                  • CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                  • CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharNext
                                                                                                                                                                                                                  • String ID: C:\
                                                                                                                                                                                                                  • API String ID: 3213498283-3404278061
                                                                                                                                                                                                                  • Opcode ID: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                                                  • Instruction ID: b7f7aa27055ddc775a1b47344aef2f77b81fec2ea34db2f3ccdabfa21b6bce3d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7BF0F631810E1296DB317B548C44E7B97BCEB64354B04843BD741B71C0D3BC8D808BDA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                                                                                                                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                  • API String ID: 2659869361-3081826266
                                                                                                                                                                                                                  • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                  • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\FAST!\Temp\), ref: 00402695
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\FAST!\Temp\$C:\Users\user\AppData\Local\Temp\nsv93CA.tmp
                                                                                                                                                                                                                  • API String ID: 1659193697-1001722040
                                                                                                                                                                                                                  • Opcode ID: 00933c64229d8af25222ad9bfa8c1bb017ce3e6fae46a45fef74913abf3a9e56
                                                                                                                                                                                                                  • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 00933c64229d8af25222ad9bfa8c1bb017ce3e6fae46a45fef74913abf3a9e56
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2102729457-0
                                                                                                                                                                                                                  • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                                                  • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00405542
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                                                                                                                                                    • Part of subcall function 004044E5: SendMessageW.USER32(0002049E,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                  • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                                                  • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(80000000,C:\Users\user\AppData\Local\FAST!\Temp,004030E9,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                                                                                                                                                                                                                  • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Local\FAST!\Temp,004030E9,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,80000000,00000003), ref: 00405E6E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\FAST!\Temp, xrefs: 00405E58
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharPrevlstrlen
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\FAST!\Temp
                                                                                                                                                                                                                  • API String ID: 2709904686-1915228259
                                                                                                                                                                                                                  • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                  • Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                                                                                                                                                  • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000007.00000002.2385695242.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                                                                                                  • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                                                  • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                  Execution Coverage:8.1%
                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                  Signature Coverage:6.5%
                                                                                                                                                                                                                  Total number of Nodes:1909
                                                                                                                                                                                                                  Total number of Limit Nodes:9
957036 ??3@YAXPAX 6041->6042 6043 957028 6042->6043 6044 949b50 6045 949b7d 6044->6045 6046 95cfa0 4 API calls 6045->6046 6047 949b94 6046->6047 6049 95d5d0 _except_handler4_common 6050 954add 6051 954afc 6050->6051 6053 954b12 6050->6053 6056 95538e 6051->6056 6055 954b10 6053->6055 6065 955339 6053->6065 6057 9553a9 6056->6057 6059 9553ce 6056->6059 6058 9553b0 6057->6058 6057->6059 6061 95542f 6 API calls 6058->6061 6064 9553c4 6058->6064 6063 9553ef 6059->6063 6059->6064 6073 956b9a 6059->6073 6061->6058 6062 95542f 6 API calls 6062->6063 6063->6062 6063->6064 6064->6055 6066 95537c 6065->6066 6067 955358 6065->6067 6066->6055 6068 955383 6067->6068 6071 95536a 6067->6071 6069 94c465 2 API calls 6068->6069 6070 955388 6069->6070 6077 955c3f 6071->6077 6074 956baa 6073->6074 6076 956baf 6073->6076 6075 95542f 6 API calls 6074->6075 6075->6076 6076->6059 6084 9560c1 6077->6084 6079 955cac 6079->6066 6080 955ca3 ??3@YAXPAX 6080->6079 6081 95542f 6 API calls 6082 955c57 6081->6082 6082->6079 6082->6080 6082->6081 6083 955c9d 6082->6083 6083->6080 6085 9560e6 6084->6085 6086 9560cf 6084->6086 6085->6082 6087 9560df 6086->6087 6088 95ca2b 2 API calls 6086->6088 6087->6085 6089 95cbe6 std::tr1::_Xmem 2 API calls 6087->6089 6088->6087 6090 9560f1 6089->6090 6091 9574d8 6092 94a107 ??3@YAXPAX 6091->6092 6093 9574ec 6092->6093 6094 9552fd 7 API calls 6093->6094 6095 9574f7 6094->6095 6096 950b58 6097 950b74 6096->6097 6098 950b9e 6096->6098 6099 950b84 memmove 6097->6099 6101 950b7b 6097->6101 6098->6101 6102 950be3 6098->6102 6099->6101 6103 950c33 6102->6103 6104 950bfd 6102->6104 6103->6101 6105 950c0f 6104->6105 6106 950c39 6104->6106 6110 950c44 6105->6110 6107 94c465 2 API calls 6106->6107 6108 950c3e 6107->6108 6111 950c70 memmove 6110->6111 6115 950c58 6110->6115 6112 950c94 ??3@YAXPAX 6111->6112 6113 950c9d 6111->6113 6112->6113 6113->6103 6114 950cb7 6117 95cbe6 std::tr1::_Xmem 2 API calls 6114->6117 6115->6114 6116 95ca2b 2 API calls 6115->6116 6118 950c69 
6116->6118 6119 950cbc 6117->6119 6118->6111 6118->6114 6120 94cec4 130 API calls 6121 956a45 6122 956a55 6121->6122 6123 956a5f 6121->6123 6124 94a205 memcpy 6122->6124 6125 956b75 6123->6125 6126 94a205 memcpy 6123->6126 6124->6123 6126->6125 6127 94b845 6128 94b862 6127->6128 6129 94a144 2 API calls 6128->6129 6130 94b89b sprintf_s 6129->6130 6131 94b8ce 6130->6131 6132 94c52f 2 API calls 6131->6132 6133 94b8e0 6132->6133 6134 94c52f 2 API calls 6133->6134 6135 94b90c 6134->6135 6136 94c52f 2 API calls 6135->6136 6137 94b92c 6136->6137 6139 94c52f 2 API calls 6137->6139 6140 94b961 6137->6140 6138 94baeb 6141 94c52f 2 API calls 6138->6141 6139->6140 6140->6138 6142 94c52f 2 API calls 6140->6142 6146 94bb00 6141->6146 6145 94b98b 6142->6145 6143 94bb42 6147 94c52f 2 API calls 6143->6147 6148 94c52f 2 API calls 6145->6148 6146->6143 6150 94a1b9 2 API calls 6146->6150 6175 94b41d 6146->6175 6149 94bb57 6147->6149 6152 94b9ab 6148->6152 6151 94c52f 2 API calls 6149->6151 6150->6146 6153 94bb6c 6151->6153 6154 94c52f 2 API calls 6152->6154 6155 95cfa0 4 API calls 6153->6155 6157 94b9cb 6154->6157 6156 94bb86 6155->6156 6158 94c52f 2 API calls 6157->6158 6159 94b9eb 6158->6159 6160 94c52f 2 API calls 6159->6160 6161 94ba0b 6160->6161 6162 94c52f 2 API calls 6161->6162 6163 94ba2b 6162->6163 6164 94c52f 2 API calls 6163->6164 6165 94ba4b 6164->6165 6166 94c52f 2 API calls 6165->6166 6167 94ba6b 6166->6167 6168 94c52f 2 API calls 6167->6168 6169 94ba8b 6168->6169 6170 94c52f 2 API calls 6169->6170 6171 94baab 6170->6171 6172 94c52f 2 API calls 6171->6172 6173 94bacb 6172->6173 6174 94c52f 2 API calls 6173->6174 6174->6138 6176 94b43a 6175->6176 6177 94a144 2 API calls 6176->6177 6178 94b479 6177->6178 6179 94c52f 2 API calls 6178->6179 6180 94b4a7 6179->6180 6181 94c52f 2 API calls 6180->6181 6182 94b4c7 6181->6182 6183 94c52f 2 API calls 6182->6183 6184 94b4e7 6183->6184 6185 94c52f 2 API calls 6184->6185 6186 94b507 sprintf_s 6185->6186 6187 94b52e 6186->6187 6188 
94c52f 2 API calls 6187->6188 6189 94b540 sprintf_s 6188->6189 6190 94b562 6189->6190 6191 94c52f 2 API calls 6190->6191 6192 94b574 sprintf_s 6191->6192 6193 94b596 6192->6193 6194 94c52f 2 API calls 6193->6194 6195 94b5a8 sprintf_s 6194->6195 6196 94b5ca 6195->6196 6197 94c52f 2 API calls 6196->6197 6198 94b5dc sprintf_s 6197->6198 6199 94b5fe 6198->6199 6200 94c52f 2 API calls 6199->6200 6201 94b610 sprintf_s 6200->6201 6202 94b632 6201->6202 6203 94c52f 2 API calls 6202->6203 6204 94b644 6203->6204 6205 94b6c8 6204->6205 6206 94c52f 2 API calls 6204->6206 6207 94c52f 2 API calls 6205->6207 6217 94b666 6206->6217 6212 94b6e3 6207->6212 6208 94b6b3 6215 94c52f 2 API calls 6208->6215 6209 94b66e sprintf_s 6209->6217 6210 94b72e 6213 94c52f 2 API calls 6210->6213 6212->6210 6218 94a1b9 2 API calls 6212->6218 6223 94ab1c 6212->6223 6216 94b743 6213->6216 6214 94c52f 2 API calls 6214->6217 6215->6205 6219 94c52f 2 API calls 6216->6219 6217->6208 6217->6209 6217->6214 6218->6212 6220 94b758 6219->6220 6221 95cfa0 4 API calls 6220->6221 6222 94b772 6221->6222 6222->6146 6224 94ab39 6223->6224 6225 94a144 2 API calls 6224->6225 6226 94ab72 6225->6226 6322 94c716 6226->6322 6228 94aba9 6229 94a1b9 2 API calls 6228->6229 6230 94abc6 6229->6230 6231 94a1b9 2 API calls 6230->6231 6232 94abd7 sprintf_s 6231->6232 6233 94abfd 6232->6233 6234 94c52f 2 API calls 6233->6234 6235 94ac0f sprintf_s 6234->6235 6236 94ac38 6235->6236 6237 94c52f 2 API calls 6236->6237 6238 94ac4a 6237->6238 6239 94c52f 2 API calls 6238->6239 6240 94ac77 6239->6240 6241 94c52f 2 API calls 6240->6241 6242 94aca5 6241->6242 6243 94c52f 2 API calls 6242->6243 6244 94acd3 6243->6244 6245 94c52f 2 API calls 6244->6245 6246 94ad01 6245->6246 6248 94ad3a 6246->6248 6249 94c52f 2 API calls 6246->6249 6247 94ad5b 6251 94c52f 2 API calls 6247->6251 6248->6247 6250 94c52f 2 API calls 6248->6250 6249->6248 6250->6247 6252 94ad73 6251->6252 6253 94ad79 6252->6253 6254 94c52f 2 API calls 6252->6254 6255 94c52f 2 
API calls 6253->6255 6256 94adcb 6254->6256 6257 94aeae 6255->6257 6259 94c52f 2 API calls 6256->6259 6258 94c52f 2 API calls 6257->6258 6262 94aec6 6258->6262 6260 94ade3 sprintf_s 6259->6260 6261 94ae12 6260->6261 6263 94c52f 2 API calls 6261->6263 6264 94c52f 2 API calls 6262->6264 6265 94ae24 6263->6265 6266 94aef1 6264->6266 6328 94c755 6265->6328 6268 94aef7 sprintf_s 6266->6268 6269 94af2f 6266->6269 6270 94af1d 6268->6270 6271 94af70 6269->6271 6272 94af38 sprintf_s 6269->6272 6280 94c52f 2 API calls 6270->6280 6273 94af76 sprintf_s 6271->6273 6274 94afb1 6271->6274 6275 94af5e 6272->6275 6277 94af9f 6273->6277 6278 94afb7 sprintf_s 6274->6278 6279 94b002 sprintf_s 6274->6279 6281 94c52f 2 API calls 6275->6281 6276 94ae34 6276->6253 6282 94c716 3 API calls 6276->6282 6285 94c52f 2 API calls 6277->6285 6288 94afee 6278->6288 6287 94b038 6279->6287 6280->6269 6281->6271 6284 94ae68 6282->6284 6290 94a1b9 2 API calls 6284->6290 6285->6274 6289 94c52f 2 API calls 6287->6289 6291 94c52f 2 API calls 6288->6291 6297 94b04a 6289->6297 6292 94ae85 6290->6292 6293 94b000 sprintf_s 6291->6293 6294 94a1b9 2 API calls 6292->6294 6296 94b094 6293->6296 6294->6253 6298 94c52f 2 API calls 6296->6298 6299 94c52f 2 API calls 6297->6299 6300 94b0a6 sprintf_s 6298->6300 6299->6293 6301 94b0cb 6300->6301 6302 94c52f 2 API calls 6301->6302 6303 94b0dd sprintf_s 6302->6303 6304 94b0ff 6303->6304 6305 94c52f 2 API calls 6304->6305 6306 94b111 sprintf_s 6305->6306 6307 94b133 6306->6307 6308 94c52f 2 API calls 6307->6308 6309 94b145 sprintf_s 6308->6309 6310 94b16a 6309->6310 6311 94c52f 2 API calls 6310->6311 6312 94b17c sprintf_s 6311->6312 6313 94b19e 6312->6313 6314 94c52f 2 API calls 6313->6314 6315 94b1b0 6314->6315 6316 94c52f 2 API calls 6315->6316 6317 94b1ec 6316->6317 6318 94c52f 2 API calls 6317->6318 6319 94b201 6318->6319 6320 95cfa0 4 API calls 6319->6320 6321 94b21b 6320->6321 6321->6212 6323 94c732 6322->6323 6324 94c52f 2 API calls 6323->6324 6325 94c73e 
6324->6325 6326 94c244 memmove 6325->6326 6327 94c746 6326->6327 6327->6228 6329 94c763 6328->6329 6332 94c383 6329->6332 6333 94c391 6332->6333 6334 94c3aa memcmp 6333->6334 6335 94c3bb 6333->6335 6334->6335 6335->6276 6336 95a644 6337 95a660 6336->6337 6338 95a6e9 6336->6338 6337->6338 6339 95a66b 6337->6339 6360 958257 ??0exception@@QAE@ABQBD 6338->6360 6351 95a948 6339->6351 6343 95a745 6344 95a6d3 6361 95829a ??0exception@@QAE@ABQBD 6344->6361 6345 95a68e 6345->6344 6347 95a6d5 6345->6347 6357 95a878 6347->6357 6348 95a6f8 _CxxThrowException 6348->6343 6350 95a6df 6352 95a954 6351->6352 6362 95aa15 6352->6362 6355 95a96b 6356 95a992 6355->6356 6368 95aa45 6355->6368 6356->6345 6402 95a9d8 6357->6402 6360->6348 6361->6348 6363 95ca2b 2 API calls 6362->6363 6364 95aa1c 6363->6364 6365 95aa25 6364->6365 6375 95ca88 ??0exception@@QAE@ABQBDH 6364->6375 6365->6355 6367 95cbf6 _CxxThrowException 6373 95aa51 __EH_prolog3_catch 6368->6373 6370 95ab59 6385 95acd3 6370->6385 6372 95aa73 6372->6355 6373->6370 6374 95aa61 6373->6374 6376 95abaa 6374->6376 6375->6367 6377 95abc1 6376->6377 6378 95acc3 6376->6378 6389 95ad87 6377->6389 6379 95cc0a 2 API calls 6378->6379 6381 95accd __EH_prolog3_catch 6379->6381 6383 95abaa 13 API calls 6381->6383 6384 95ad37 6381->6384 6382 95abc9 6382->6372 6383->6384 6384->6372 6386 95acdf __EH_prolog3_catch 6385->6386 6387 95abaa 13 API calls 6386->6387 6388 95ad37 6386->6388 6387->6388 6388->6372 6392 95adba 6389->6392 6391 95ad92 6391->6382 6393 95ca2b 2 API calls 6392->6393 6394 95adc6 6393->6394 6395 95cbe6 std::tr1::_Xmem 2 API calls 6394->6395 6396 95adcd 6394->6396 6397 95adf0 sprintf_s 6395->6397 6396->6391 6398 94a144 2 API calls 6397->6398 6399 95ae32 6398->6399 6400 95cfa0 4 API calls 6399->6400 6401 95ae3f 6400->6401 6401->6391 6403 95a887 ??3@YAXPAX 6402->6403 6404 95a9ed 6402->6404 6403->6350 6405 95a9f7 ??3@YAXPAX 6404->6405 6405->6403 6405->6404 6406 9549c4 6407 9549de 6406->6407 6410 9549ea 6406->6410 6408 954aa3 
6407->6408 6409 954a9b ??3@YAXPAX 6407->6409 6407->6410 6411 955238 8 API calls 6408->6411 6409->6408 6411->6410 6412 95c944 6413 95c969 6412->6413 6415 95c97a 6412->6415 6414 95c9b9 9 API calls 6413->6414 6414->6415 6416 95c8c7 6418 95c8da 6416->6418 6417 95c8e0 6418->6417 6419 95c92c _CIsqrt 6418->6419 6419->6417 6420 9583c7 6421 9583d7 6420->6421 6422 95834c 8 API calls 6421->6422 6423 958436 6422->6423 4855 951446 4856 951471 NtQuerySystemInformation 4855->4856 4857 95cfa0 4 API calls 4856->4857 4858 951485 4857->4858 6424 94e8c7 6425 94e8f3 6424->6425 6426 94e901 6424->6426 6427 94e929 6425->6427 6428 94e8fb 6425->6428 6429 94c465 2 API calls 6427->6429 6430 94ebcd 4 API calls 6428->6430 6431 94e92e 6429->6431 6430->6426 6432 94e98f 6431->6432 6434 94e950 6431->6434 6433 94e99c 6432->6433 6435 94ea9a 13 API calls 6432->6435 6437 94a7ef memcpy 6433->6437 6440 94e98a 6433->6440 6436 94e96b 6434->6436 6441 94ea9a 6434->6441 6435->6433 6439 94a7ef memcpy 6436->6439 6436->6440 6437->6440 6439->6440 6442 94eab8 6441->6442 6443 94eafa 6441->6443 6444 94eb00 6442->6444 6446 94eacd 6442->6446 6443->6436 6445 94c465 2 API calls 6444->6445 6449 94eb05 6445->6449 6460 94ec03 6446->6460 6448 94ebc2 6450 95cbe6 std::tr1::_Xmem 2 API calls 6448->6450 6449->6448 6451 95ca2b 2 API calls 6449->6451 6456 94eb46 6449->6456 6453 94ebc7 6450->6453 6454 94eb3c 6451->6454 6452 94eba6 6452->6436 6454->6448 6454->6456 6455 94eb9d ??3@YAXPAX 6455->6452 6456->6452 6456->6455 6457 94a107 ??3@YAXPAX 6456->6457 6458 94a17a 3 API calls 6456->6458 6459 94eb94 6456->6459 6457->6456 6458->6456 6459->6455 6461 94c4f6 4 API calls 6460->6461 6462 94ec1b 6461->6462 6469 94eda9 6462->6469 6464 94ec30 6465 94ec70 6464->6465 6466 94ec67 ??3@YAXPAX 6464->6466 6467 949cf3 2 API calls 6464->6467 6468 94ec61 6464->6468 6465->6443 6466->6465 6467->6464 6468->6466 6470 94edb8 6469->6470 6471 94edd6 6470->6471 6473 94ee7b 6470->6473 6471->6464 6474 94c244 memmove 6473->6474 6475 94ee8d 6474->6475 6476 94c244 
memmove 6475->6476 6477 94ef9b 6476->6477 6477->6470 6478 94d640 6480 94d65d 6478->6480 6498 94d656 6478->6498 6479 94d70b 6486 94d759 6479->6486 6507 95d7cd __iob_func 6479->6507 6480->6479 6481 94d7a9 6480->6481 6482 94d70d 6480->6482 6480->6498 6502 94ca4a 6480->6502 6510 95d7cd __iob_func 6481->6510 6506 95d7cd __iob_func 6482->6506 6487 94d7a2 6486->6487 6491 94d7e1 6486->6491 6508 95d7cd __iob_func 6486->6508 6511 95d7cd __iob_func 6487->6511 6488 94d71a fprintf 6488->6479 6489 94d7b5 fprintf 6489->6479 6495 94ca4a 7 API calls 6491->6495 6494 94d74c fprintf 6494->6486 6495->6498 6496 94d775 fprintf 6496->6487 6499 94d787 6496->6499 6497 94d7d3 fprintf 6497->6491 6497->6498 6509 95d7cd __iob_func 6499->6509 6501 94d793 fprintf 6501->6487 6501->6499 6503 94ca63 6502->6503 6504 94ca5b 6502->6504 6503->6480 6512 94ec98 6504->6512 6506->6488 6507->6494 6508->6496 6509->6501 6510->6489 6511->6497 6513 94ece2 6512->6513 6514 94ecab 6512->6514 6513->6503 6515 94ece6 6514->6515 6517 94ecbf 6514->6517 6516 94c465 2 API calls 6515->6516 6518 94eceb 6516->6518 6519 94ecf1 5 API calls 6517->6519 6519->6513 6520 949d40 vprintf 6521 94aac1 sprintf_s 6522 94a144 2 API calls 6521->6522 6523 94ab04 6522->6523 6524 95cfa0 4 API calls 6523->6524 6525 94ab11 6524->6525 6530 958442 6531 95834c 8 API calls 6530->6531 6532 958455 6531->6532 6533 95834c 8 API calls 6532->6533 6534 958460 6533->6534 6535 95834c 8 API calls 6534->6535 6536 95846b 6535->6536 6537 95834c 8 API calls 6536->6537 6538 958476 6537->6538 6539 95834c 8 API calls 6538->6539 6540 958481 6539->6540 6541 95834c 8 API calls 6540->6541 6542 9584a1 6541->6542 6543 95834c 8 API calls 6542->6543 6544 9584b2 6543->6544 6545 95834c 8 API calls 6544->6545 6546 9584c0 6545->6546 6547 95834c 8 API calls 6546->6547 6548 9584ce 6547->6548 6549 95834c 8 API calls 6548->6549 6550 9584dc 6549->6550 6551 95a5cd 6555 95a8a9 6551->6555 6556 95a5e0 _CIsqrt 6555->6556 6557 95a8c3 6555->6557 6557->6556 6560 9582c3 
??0exception@@QAE@ABQBD 6557->6560 6559 95a933 _CxxThrowException 6560->6559 6561 95bb4b 6562 95bb6e 6561->6562 6563 95834c 8 API calls 6562->6563 6564 95bc6a 6562->6564 6563->6562 6565 949a70 QueryPerformanceFrequency 6566 95c5f0 6567 95c604 6566->6567 6568 95c623 6566->6568 6567->6568 6569 95c608 6567->6569 6570 95c649 7 API calls 6568->6570 6571 95c615 6568->6571 6569->6571 6573 95c649 6569->6573 6570->6571 6574 95c693 6573->6574 6575 95c65c 6573->6575 6574->6571 6576 95c697 6575->6576 6579 95c670 6575->6579 6577 94c465 2 API calls 6576->6577 6578 95c69c 6577->6578 6581 95c6a2 6579->6581 6583 95c6b9 6581->6583 6584 95c6d3 6581->6584 6582 95c714 6586 95cbe6 std::tr1::_Xmem 2 API calls 6582->6586 6583->6582 6585 95ca2b 2 API calls 6583->6585 6588 95c6f6 6584->6588 6589 95c6ee ??3@YAXPAX 6584->6589 6587 95c6cc 6585->6587 6590 95c719 6586->6590 6587->6582 6587->6584 6588->6574 6589->6588 6591 94c77e 6592 94c792 6591->6592 6593 94c7ac 6591->6593 6594 94c7ef 6592->6594 6596 95ca2b 2 API calls 6592->6596 6597 94c7d5 6593->6597 6598 94c7cc ??3@YAXPAX 6593->6598 6595 95cbe6 std::tr1::_Xmem 2 API calls 6594->6595 6599 94c7f4 __EH_prolog3_catch 6595->6599 6600 94c7a5 6596->6600 6598->6597 6601 94c861 6599->6601 6602 94c26e memcpy 6599->6602 6600->6593 6600->6594 6602->6599 6603 94cd7e 6606 94cdb8 6603->6606 6612 94ce00 6603->6612 6604 94ce18 6626 94cc0b 6604->6626 6605 94ce49 6632 94e9ca 6605->6632 6609 94cdd1 memchr 6606->6609 6606->6612 6609->6606 6609->6612 6611 94ce2e 6616 94a3ca 2 API calls 6611->6616 6612->6604 6612->6605 6613 94cc0b 3 API calls 6614 94ce6e 6613->6614 6615 94a1b9 2 API calls 6614->6615 6617 94ce7d 6615->6617 6618 94ce47 6616->6618 6619 94e9ca memcpy 6617->6619 6621 95cfa0 4 API calls 6618->6621 6620 94ce8f 6619->6620 6622 94ea01 3 API calls 6620->6622 6623 94ceb6 6621->6623 6624 94ce99 6622->6624 6625 94a1b9 2 API calls 6624->6625 6625->6618 6631 94cc32 __aulldiv 6626->6631 6627 94cd62 6627->6611 6628 94cca3 toupper 6628->6631 6630 94cccd fprintf 
6630->6631 6631->6627 6631->6628 6635 95d7cd __iob_func 6631->6635 6633 94a205 memcpy 6632->6633 6634 94ce58 6633->6634 6634->6613 6635->6630 6636 958df8 6637 958e41 6636->6637 6638 95834c 8 API calls 6637->6638 6639 958e50 6638->6639 6640 95834c 8 API calls 6639->6640 6641 958e5b 6640->6641 6642 958e90 sprintf_s 6641->6642 6647 958f8c 6641->6647 6644 95834c 8 API calls 6642->6644 6643 95834c 8 API calls 6645 958f9b sprintf_s 6643->6645 6644->6641 6648 95834c 8 API calls 6645->6648 6647->6643 6649 959006 6648->6649 6650 95cfa0 4 API calls 6649->6650 6651 95901a 6650->6651 6652 9531fa 6653 953205 SetEvent 6652->6653 6660 95322f 6652->6660 6654 95321c 6653->6654 6655 953239 6653->6655 6656 951330 4 API calls 6654->6656 6657 953231 Sleep 6655->6657 6655->6660 6658 953226 6656->6658 6657->6655 6661 9531aa 6658->6661 6662 9531c4 TerminateThread 6661->6662 6663 9531ef 6661->6663 6665 9531d3 6662->6665 6663->6660 6664 951330 4 API calls 6664->6665 6665->6662 6665->6663 6665->6664 6669 94f766 6694 950a84 6669->6694 6672 950a84 12 API calls 6673 94f7b3 6672->6673 6674 950a84 12 API calls 6673->6674 6693 94f937 6673->6693 6675 94f7db 6674->6675 6676 950a84 12 API calls 6675->6676 6675->6693 6677 94f803 6676->6677 6678 950a84 12 API calls 6677->6678 6677->6693 6679 94f82b 6678->6679 6680 950a84 12 API calls 6679->6680 6679->6693 6681 94f853 6680->6681 6682 950a84 12 API calls 6681->6682 6681->6693 6683 94f87b 6682->6683 6684 950a84 12 API calls 6683->6684 6683->6693 6685 94f8a3 6684->6685 6686 950a84 12 API calls 6685->6686 6685->6693 6687 94f8cb 6686->6687 6688 950a84 12 API calls 6687->6688 6687->6693 6689 94f8ef 6688->6689 6690 950a84 12 API calls 6689->6690 6689->6693 6691 94f913 6690->6691 6692 950a84 12 API calls 6691->6692 6691->6693 6692->6693 6695 950a90 __EH_prolog3_GS 6694->6695 6704 94f15e 6695->6704 6698 950b16 VariantClear 6720 94f72b 6698->6720 6703 950af2 _wcsicmp SysFreeString 6703->6698 6727 95d14c 6704->6727 6706 94f16a VariantClear 6707 94f227 
SysAllocString 6706->6707 6712 94f18f 6706->6712 6708 94f235 6707->6708 6709 94f254 free 6708->6709 6710 94f262 6708->6710 6709->6708 6713 95d100 4 API calls 6710->6713 6711 94f224 6711->6707 6712->6711 6717 94f1c8 6712->6717 6728 94f002 6712->6728 6714 94f26c 6713->6714 6714->6698 6714->6703 6716 94f1e4 malloc 6716->6711 6718 94f1cc 6716->6718 6717->6708 6717->6716 6717->6718 6718->6711 6719 94f204 MultiByteToWideChar 6718->6719 6719->6711 6723 94f741 6720->6723 6721 95cfa0 4 API calls 6722 94f75d 6721->6722 6724 95d100 6722->6724 6723->6721 6725 95cfa0 4 API calls 6724->6725 6726 94f785 6725->6726 6726->6672 6726->6693 6727->6706 6729 94f00e 6728->6729 6730 95d5b4 4 API calls 6729->6730 6731 94f069 6730->6731 6731->6717 6732 949ae0 6733 949af4 ??3@YAXPAX 6732->6733 6734 949afc 6732->6734 6733->6734 6735 949d60 6738 95d7cd __iob_func 6735->6738 6737 949d72 vfprintf 6738->6737 4901 951f60 4903 951f6f __EH_prolog3_GS 4901->4903 4902 951ff8 srand 4904 952013 4902->4904 4910 952094 4902->4910 4903->4902 5139 94aa3b 4903->5139 5039 951370 4904->5039 4907 951fd8 4907->4902 4909 95207d 5142 951330 4909->5142 4987 9520b5 __aulldiv 4910->4987 5043 951175 GetCurrentProcess OpenProcessToken 4910->5043 4913 95253e 4914 951370 4 API calls 4913->4914 4915 95255b 4914->4915 5071 9547a3 4915->5071 4919 95208d 4920 952da3 4919->4920 4923 952d8c VirtualFree 4919->4923 4924 952da8 FindCloseChangeNotification 4920->4924 4925 952db8 4920->4925 4922 951330 4 API calls 4927 952731 4922->4927 4923->4919 4924->4920 4930 952dc2 CloseHandle 4925->4930 4931 952dc9 4925->4931 4934 94a1b9 2 API calls 4927->4934 4928 95212c atoi sprintf_s 4928->4987 4929 95215d isalpha 4929->4987 4930->4931 5255 952df7 4931->5255 4933 952685 4936 952af0 4933->4936 4938 9526a8 4933->4938 4934->4919 4935 952172 sprintf_s 4935->4987 4939 952b3b 4936->4939 4943 952b0d CreateIoCompletionPort 4936->4943 4942 951681 5 API calls 4938->4942 5090 9546bf 4939->5090 4945 9526b8 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 
4942->4945 4943->4936 4946 952b42 GetLastError 4943->4946 4952 951370 4 API calls 4945->4952 4946->4939 4950 952b6b 5094 95463a 4950->5094 4954 9526f4 SetFilePointerEx 4952->4954 4957 952715 GetLastError 4954->4957 4958 952834 4954->4958 4955 9547a3 13 API calls 4974 952b87 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 4955->4974 4956 952232 CreateFileA 4960 9527f1 GetLastError 4956->4960 4956->4987 4966 952726 4957->4966 4959 951370 4 API calls 4958->4959 4964 95284b WaitForSingleObject 4959->4964 4972 95280a 4960->4972 4961 95259d 4961->4933 4962 95c74e 11 API calls 4961->4962 5183 94a786 4961->5183 5186 94ea01 4961->5186 5192 94a1b9 4961->5192 4962->4961 4963 952cfc 4970 951370 4 API calls 4963->4970 4968 952861 GetLastError 4964->4968 4969 952872 4964->4969 4973 951330 4 API calls 4966->4973 4968->4969 4975 951370 4 API calls 4969->4975 4976 952d13 WaitForSingleObject 4970->4976 4977 951330 4 API calls 4972->4977 4973->4927 4974->4963 4978 954c97 8 API calls 4974->4978 5000 951490 5 API calls 4974->5000 5008 951370 4 API calls 4974->5008 5100 951681 4974->5100 4980 952889 4975->4980 4976->4968 4981 952d2d 4976->4981 4977->4927 4978->4974 4979 954fac 8 API calls 4979->4987 4980->4919 4991 9528af 4980->4991 4983 951370 4 API calls 4981->4983 4982 9522da SetFileInformationByHandle 4985 952738 GetLastError 4982->4985 4982->4987 4984 952d44 4983->4984 4984->4919 4993 952d68 4984->4993 4994 952d5b 4984->4994 4985->4972 4986 952258 4986->4966 4986->4987 5146 951250 CreateEventA 4986->5146 5155 951085 CreateEventA 4986->5155 5169 950fb0 CreateEventA 4986->5169 4987->4913 4987->4919 4987->4928 4987->4929 4987->4935 4987->4956 4987->4979 4987->4982 4987->4986 4990 952330 GetFileSize 4987->4990 4999 952756 4987->4999 5002 951330 4 API calls 4987->5002 5004 954738 12 API calls 4987->5004 5011 9527a2 4987->5011 5020 94a786 memcpy 4987->5020 5026 951370 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 4987->5026 5030 94a1b9 memcpy 
??3@YAXPAX 4987->5030 5034 952769 4987->5034 5058 951640 4987->5058 5062 94bfd5 4987->5062 4990->4987 4996 95234b GetLastError 4990->4996 5197 9580d1 GetTickCount64 4991->5197 5240 951da7 4993->5240 5107 951733 4994->5107 4996->4987 4996->4999 4999->4922 5000->4974 5001 952aa6 5001->4919 5002->4987 5004->4987 5007 9528f8 Sleep 5029 9528ce __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 5007->5029 5008->4974 5010 95293f ReadFile 5010->5029 5013 94a786 memcpy 5011->5013 5016 9527b0 5013->5016 5015 952aab GetLastError 5018 951330 4 API calls 5015->5018 5021 951330 4 API calls 5016->5021 5018->5001 5019 951330 4 API calls 5019->5029 5020->4987 5023 952797 5021->5023 5028 94a1b9 2 API calls 5023->5028 5026->4987 5028->4927 5029->4919 5029->5001 5029->5007 5029->5010 5029->5015 5029->5019 5031 951370 4 API calls 5029->5031 5199 95813d 5029->5199 5207 94a975 QueryPerformanceCounter 5029->5207 5208 95170c rand 5029->5208 5209 94c075 5029->5209 5212 9581c5 5029->5212 5216 950d77 5029->5216 5230 9512f0 5029->5230 5234 951490 5029->5234 5030->4987 5033 952a7c SetFilePointerEx 5031->5033 5033->5015 5033->5029 5035 94a786 memcpy 5034->5035 5036 952777 GetLastError 5035->5036 5038 951330 4 API calls 5036->5038 5038->5023 5041 95138b 5039->5041 5040 95cfa0 4 API calls 5042 9513ad GetCurrentThread SetThreadGroupAffinity 5040->5042 5041->5040 5042->4909 5042->4910 5044 9511c3 LookupPrivilegeValueA 5043->5044 5045 9511ac GetLastError 5043->5045 5047 9511ee AdjustTokenPrivileges 5044->5047 5048 9511de GetLastError 5044->5048 5046 951330 4 API calls 5045->5046 5049 9511be 5046->5049 5051 951205 GetLastError 5047->5051 5052 95120d GetLastError 5047->5052 5050 951217 5048->5050 5054 95122f FindCloseChangeNotification 5049->5054 5055 951238 5049->5055 5053 951330 4 API calls 5050->5053 5051->5050 5052->5049 5052->5050 5053->5049 5054->5055 5056 95cfa0 4 API calls 5055->5056 5057 951247 5056->5057 5057->4987 5059 951657 5058->5059 5061 951660 5058->5061 5060 951490 5 API calls 5059->5060 
5060->5061 5061->4987 5063 94bff6 GetLargePageMinimum 5062->5063 5064 94c010 5062->5064 5065 94c018 VirtualAlloc 5063->5065 5064->5065 5066 94c062 5065->5066 5067 94c030 5065->5067 5066->4987 5068 94c047 5067->5068 5069 94c03a memset 5067->5069 5274 94c0e3 5068->5274 5069->5068 5072 9547c0 5071->5072 5073 9547e8 5071->5073 5075 9547d0 memmove 5072->5075 5076 95257d 5072->5076 5073->5076 5314 9550f1 5073->5314 5075->5076 5077 954b56 5076->5077 5078 954b64 5077->5078 5079 952588 5078->5079 5373 9577cb 5078->5373 5081 954b83 5079->5081 5082 954b8f __EH_prolog3_catch 5081->5082 5083 954bc9 5082->5083 5084 954baa 5082->5084 5085 954bc1 5083->5085 5405 95546e 5083->5405 5396 9554c5 5084->5396 5085->4961 5091 9546f4 5090->5091 5093 9546de 5090->5093 5091->5093 5538 955010 5091->5538 5093->4950 5095 954657 5094->5095 5096 95467f 5094->5096 5097 952b79 5095->5097 5098 954667 memmove 5095->5098 5096->5097 5556 954fac 5096->5556 5097->4955 5098->5097 5101 9516b6 5100->5101 5102 9516bc 5100->5102 5101->5102 5103 9516c9 5101->5103 5104 951490 5 API calls 5102->5104 5105 951640 5 API calls 5103->5105 5106 9516c5 5104->5106 5105->5106 5106->4974 5108 95173f 5107->5108 5564 954dd7 5108->5564 5110 951794 5112 9517d5 5110->5112 5119 9517f7 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 5110->5119 5111 951b04 5113 951b16 5111->5113 5114 951b0e ??3@YAXPAX 5111->5114 5116 9580d1 GetTickCount64 5112->5116 5113->4919 5114->5113 5115 95813d 2 API calls 5115->5119 5116->5110 5117 9519b9 GetQueuedCompletionStatus 5118 951aea GetLastError 5117->5118 5117->5119 5118->5119 5121 951b47 5118->5121 5119->5111 5119->5115 5119->5117 5120 9519b2 Sleep 5119->5120 5122 951330 4 API calls 5119->5122 5125 950d77 16 API calls 5119->5125 5127 951490 5 API calls 5119->5127 5128 9518ff ReadFile 5119->5128 5129 9512f0 4 API calls 5119->5129 5132 951960 GetLastError 5119->5132 5133 951370 4 API calls 5119->5133 5135 951932 5119->5135 5568 95170c rand 5119->5568 5569 94a975 QueryPerformanceCounter 5119->5569 
APIs
• __EH_prolog3_GS.LIBCMT ref: 00951F6A
• srand.MSVCRT ref: 00951FFE
• GetCurrentThread.KERNEL32 ref: 00952066
• SetThreadGroupAffinity.KERNELBASE(00000000,?,00000000), ref: 00952073
• atoi.MSVCRT ref: 0095212D
• sprintf_s.MSVCRT ref: 00952146
• isalpha.MSVCRT ref: 00952161
• sprintf_s.MSVCRT ref: 00952188
• CreateFileA.KERNELBASE(?,-C0000001,00000003,00000000,00000003,00000080,00000000,?), ref: 0095223D
• SetFileInformationByHandle.KERNEL32(?,0000000C,?,00000004), ref: 009522EC
• GetFileSize.KERNEL32(?,?), ref: 00952338
• GetLastError.KERNEL32 ref: 0095234B
• __aulldiv.LIBCMT ref: 009524C2
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009526CF
• SetFilePointerEx.KERNEL32(00000010,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 00952707
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 00952715
• GetLastError.KERNEL32 ref: 00952744
• GetLastError.KERNEL32(?,?,00000001,00000000), ref: 00952785
• GetLastError.KERNEL32 ref: 009527FD
• WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 00952856
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 00952861
• Sleep.KERNEL32(00000000,?,00000004,?,?,?), ref: 009528F9
• ReadFile.KERNEL32(00000010,00000001,00000004,?,00000000,?,00000004,?,?,?), ref: 00952955
• WriteFile.KERNEL32(00000010,00000000,00000000,00000000,00000004,?,00000000,?,00000004,?,?,?), ref: 00952979
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00952A57
• SetFilePointerEx.KERNEL32(00000010,00000000,?,00000000,00000000), ref: 00952A8F
  • Part of subcall function 0095813D: GetTickCount64.KERNEL32 ref: 00958148
• GetLastError.KERNEL32 ref: 00952ACE
• CreateIoCompletionPort.KERNELBASE(00000010,?,00000000,00000001,?,?), ref: 00952B1D
• GetLastError.KERNEL32 ref: 00952B42
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00952C72
• WaitForSingleObject.KERNEL32(?,000000FF,00000001,?,?), ref: 00952D1E
• VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00952D95
• FindCloseChangeNotification.KERNELBASE(?), ref: 00952DAA
• CloseHandle.KERNEL32(?), ref: 00952DC3
• ??3@YAXPAX@Z.MSVCRT ref: 00952DD1
Strings
• SeLockMemoryPrivilege, xrefs: 009520BC
• FATAL ERROR: invalid filename, xrefs: 0095282A
• thread %u starting: file '%s' relative thread %u file offset: %I64u (starting in block: %I64u), xrefs: 009524E2
• ERROR:, xrefs: 009520B7
• Error setting IO priority for file: %s [%u], xrefs: 0095274C
• Error setting file pointer. Error code: %d., xrefs: 0095271C
• Error getting file size, xrefs: 00952756
• t[%u:%u] initial I/O op at %I64u (starting in block: %I64u), xrefs: 00952C93
• thread %u started (random seed: %u), xrefs: 0095254C
• Warning: thread %u transfered %u bytes instead of %u bytes, xrefs: 009529A2
• thread %u: Error setting file pointer, xrefs: 00952AB1
• Warning - file size is less than MaxFileSize, xrefs: 00952389
• write, xrefs: 00952AC9, 00952AD5
• t[%u] new I/O op at %I64u (starting in block: %I64u), xrefs: 00952A71
                                                                                                                                                                                                                  • Error opening file: %s [%u], xrefs: 00952805
                                                                                                                                                                                                                  • thread %u: received signal to start, xrefs: 0095287A, 00952D35
                                                                                                                                                                                                                  • Failed to disable local caching (error %u). NOTE: only supported on remote filesystems with Windows 8 or newer., xrefs: 00952727
                                                                                                                                                                                                                  • t[%u:%u] error during %s error code: %u), xrefs: 00952ADE
                                                                                                                                                                                                                  • FATAL ERROR: Could not allocate a buffer bytes for target '%s'. Error code: 0x%x, xrefs: 0095278D
                                                                                                                                                                                                                  • affinitizing thread %u to Group %u / CPU %u, xrefs: 00952032
                                                                                                                                                                                                                  • The file is too small. File: '%s' relative thread %u size: %I64u, base offset: %I64u block size: %u, xrefs: 009527D3
                                                                                                                                                                                                                  • The file is too small or there has been an error during getting file size, xrefs: 00952762
                                                                                                                                                                                                                  • thread %u: waiting for a signal to start, xrefs: 0095283C, 00952D04
                                                                                                                                                                                                                  • Waiting for a signal to start failed (error code: %u), xrefs: 00952868
                                                                                                                                                                                                                  • unable to create IO completion port (error code: %u), xrefs: 00952B49
                                                                                                                                                                                                                  • Error setting affinity mask in thread %u, xrefs: 00952083
                                                                                                                                                                                                                  • \\.\%c:, xrefs: 00952176
                                                                                                                                                                                                                  • read, xrefs: 00952AC2
                                                                                                                                                                                                                  • \\.\PhysicalDrive%u, xrefs: 00952134
                                                                                                                                                                                                                  • thread %u starting: file '%s' relative thread %u random pattern, xrefs: 00952474
                                                                                                                                                                                                                  • t[%u] initial I/O op at %I64u (starting in block: %I64u), xrefs: 009526E9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$File$Unothrow_t@std@@@__ehfuncinfo$??2@$CloseCreateHandleObjectPointerSingleThreadWaitsprintf_s$??3@AffinityChangeCompletionCount64CurrentFindFreeGroupH_prolog3_InformationNotificationPortReadSizeSleepTickVirtualWrite__aulldivatoiisalphasrand
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000020,000000FF,000000B8,?,?), ref: 0095119B
                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,?,?), ref: 009511A2
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 009511AC
                                                                                                                                                                                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeLockMemoryPrivilege,?), ref: 009511D4
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 009511DE
                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(000000FF,?,?), ref: 00951232
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastProcess$ChangeCloseCurrentFindLookupNotificationOpenPrivilegeTokenValue
                                                                                                                                                                                                                  • String ID: %s Error adjusting token privileges for %s (error code: %u)$%s Error looking up privilege value %s (error code: %u)$%s Error opening process token (error code: %u)$ERROR:$SeLockMemoryPrivilege
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • NtQuerySystemInformation.NTDLL ref: 00951471
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InformationQuerySystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ReadFile.KERNELBASE(00000010,00000001,?,00000000,?,?,00000060,00952D66), ref: 00951927
                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000010,00000000,00000001,00000001,?,00000000,?,?,00000060,00952D66), ref: 00951953
                                                                                                                                                                                                                    • Part of subcall function 00951490: __aullrem.LIBCMT ref: 00951502
                                                                                                                                                                                                                    • Part of subcall function 00951490: __aullrem.LIBCMT ref: 009515DE
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00951960
                                                                                                                                                                                                                  • Sleep.KERNEL32(?,?,?,00000060,00952D66), ref: 009519B3
                                                                                                                                                                                                                  • GetQueuedCompletionStatus.KERNEL32(00952D66,?,00000060,00000010,00000001,?,00000060,00952D66), ref: 009519CA
                                                                                                                                                                                                                    • Part of subcall function 0094A975: QueryPerformanceCounter.KERNEL32(00000000,00000001,00000001,?,00951E0F,000000B8,00000000,?), ref: 0094A980
                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00951AB7
                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT ref: 00951B0F
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00951B2D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • t[%u:%u] new I/O op at %I64u (starting in block: %I64u), xrefs: 00951ACF
                                                                                                                                                                                                                  • write, xrefs: 00951B28, 00951B34
                                                                                                                                                                                                                  • Warning: thread %u transferred %u bytes instead of %u bytes, xrefs: 00951A0F
                                                                                                                                                                                                                  • error during overlapped IO operation (error code: %u), xrefs: 00951B48
                                                                                                                                                                                                                  • read, xrefs: 00951B21
                                                                                                                                                                                                                  • t[%u] error during %s error code: %u), xrefs: 00951B38
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFileLast__aullrem$??3@CompletionCounterPerformanceQueryQueuedReadSleepStatusUnothrow_t@std@@@Write__ehfuncinfo$??2@
                                                                                                                                                                                                                  • String ID: Warning: thread %u transferred %u bytes instead of %u bytes$error during overlapped IO operation (error code: %u)$read$t[%u:%u] new I/O op at %I64u (starting in block: %I64u)$t[%u] error during %s error code: %u)$write
                                                                                                                                                                                                                  • API String ID: 202472602-3846729189
                                                                                                                                                                                                                  • Opcode ID: 6c36bec55e41d67fd49ed7223ff851ae0338a990ac55a5495cd50154b83760ca
                                                                                                                                                                                                                  • Instruction ID: 8910e422ad812f41640c6123be85f734fd75e81fe63e510b4157d8004fba517a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c36bec55e41d67fd49ed7223ff851ae0338a990ac55a5495cd50154b83760ca
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F9E14A71E00218DFCF19DFA9C894BADBBFAEF48311F154069E909AB2A6D7319C45CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 474 952e86-952e9f 475 952ea6-952ebe strcpy_s 474->475 476 952ea1 474->476 478 952ec4-952ed3 475->478 479 952ec0-952ec2 475->479 477 952ea3-952ea4 476->477 480 952f17-952f24 call 95cfa0 477->480 481 952ed5 478->481 482 952f13 478->482 479->477 485 952ed7-952eda 481->485 483 952f15-952f16 482->483 483->480 487 952f0c-952f11 485->487 488 952edc-952edf 485->488 487->482 487->485 488->487 489 952ee1-952ef4 GetFileAttributesA 488->489 490 952ef6-952f07 CreateDirectoryA 489->490 491 952f09 489->491 490->491 492 952f25-952f2b GetLastError 490->492 491->487 492->483
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 00952EB3
                                                                                                                                                                                                                  • GetFileAttributesA.KERNELBASE(00000000), ref: 00952EEB
                                                                                                                                                                                                                  • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00952EFF
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00952F25
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AttributesCreateDirectoryErrorFileLaststrcpy_s
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 354552961-0
                                                                                                                                                                                                                  • Opcode ID: a29c27a1db4b8ae9352bc788ef56d642d0564e14038989cc190283daee639692
                                                                                                                                                                                                                  • Instruction ID: fd826f7d5f1a292b9df671046ca20d969131ad78d810939634f61c626954579b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a29c27a1db4b8ae9352bc788ef56d642d0564e14038989cc190283daee639692
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A111947190C244AAEB20CB25EC09BAA7BB89B47356F540499EDC6D20C1DBB499CDD750
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 493 94bfd5-94bff4 494 94bff6-94c00e GetLargePageMinimum 493->494 495 94c010-94c017 493->495 496 94c018-94c02e VirtualAlloc 494->496 495->496 497 94c065-94c06d 496->497 498 94c030-94c033 496->498 499 94c035-94c038 498->499 500 94c053-94c062 call 94c0e3 498->500 501 94c047-94c049 499->501 502 94c03a-94c045 memset 499->502 500->497 501->500 504 94c04b-94c051 501->504 502->500 504->500 504->504
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLargePageMinimum.KERNEL32 ref: 0094BFF6
                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0094C01B
                                                                                                                                                                                                                  • memset.MSVCRT ref: 0094C03D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocLargeMinimumPageVirtualmemset
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3383278933-0
                                                                                                                                                                                                                  • Opcode ID: 166785b2c2462b2624c2d44d4959b20c35d7f1b09df8d6207fe1c685131ecc42
                                                                                                                                                                                                                  • Instruction ID: 946d26ae64967703c8c1271385f06231af39207c9c3ce59b17ade4e2b5980367
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 166785b2c2462b2624c2d44d4959b20c35d7f1b09df8d6207fe1c685131ecc42
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 071102F1D0661ABFEF259FA58884FBBBB6CEB12340F044059E944A7241D6756849C7E0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 506 94a58f-94a59b 507 94a59d-94a5a0 506->507 508 94a5af-94a5b2 506->508 509 94a5b5-94a5ba call 95cbe6 507->509 510 94a5a2-94a5a3 call 95ca2b 507->510 513 94a5a8-94a5ad 510->513 513->508 513->509
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::tr1::_Xmem.LIBCPMT ref: 0094A5B5
                                                                                                                                                                                                                    • Part of subcall function 0095CA2B: malloc.MSVCRT ref: 0095CA42
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Xmemmallocstd::tr1::_
                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                  • API String ID: 257571584-2766056989
                                                                                                                                                                                                                  • Opcode ID: 399b7a485d091a66600d6952dbfa20f3ceafde20b4a6854d3a2a6daddf43b3a4
                                                                                                                                                                                                                  • Instruction ID: 43888522f2ad3fa9ff319cd198fbc05a0d595250517bd21a4d4b4e92acd3ad89
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 399b7a485d091a66600d6952dbfa20f3ceafde20b4a6854d3a2a6daddf43b3a4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4BD0A7B134830B0F5F1CA17E5516D2E32CC8F88772314022D7927C65C0ED20EC00415A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 515 94a49c-94a4b6 call 95d187 518 94a4bd-94a4d4 515->518 519 94a4b8-94a4bb 515->519 520 94a4e7-94a4f2 call 94a58f 518->520 521 94a4d6-94a4dd 518->521 519->520 525 94a4f7-94a52a 520->525 523 94a4e4-94a4e6 521->523 524 94a4df-94a4e2 521->524 523->520 524->520 527 94a547-94a554 call 94a1b9 525->527 528 94a52c-94a530 525->528 535 94a556-94a559 527->535 536 94a55b-94a564 527->536 529 94a536 528->529 530 94a532-94a534 528->530 532 94a538-94a53a 529->532 530->532 532->527 534 94a53c-94a544 memcpy 532->534 534->527 535->536 537 94a566 536->537 538 94a568-94a571 call 95d0e7 536->538 537->538
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog3_catchmemcpy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1910038392-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: memsetvsprintf_s
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3742729749-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 550 955df7-955e04 call 94ebcd 552 955e09-955e2b memmove 550->552 553 955e36-955e4b 552->553 554 955e2d-955e35 ??3@YAXPAX@Z 552->554 554->553
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ??3@memmove
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1783365933-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 555 95ca2b-95ca30 556 95ca3f-95ca4b malloc 555->556 557 95ca32-95ca3d _callnewh 556->557 558 95ca4d-95ca4e 556->558 557->556 559 95ca4f 557->559 559->559
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _callnewhmalloc
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2285944120-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 564 94ebcd-94ebd9 565 94ebf2-94ebf5 564->565 566 94ebdb-94ebe0 564->566 567 94ebe2-94ebe6 call 95ca2b 566->567 568 94ebf8-94ebfd call 95cbe6 566->568 571 94ebeb-94ebf0 567->571 571->565 571->568
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::tr1::_Xmem.LIBCPMT ref: 0094EBF8
                                                                                                                                                                                                                    • Part of subcall function 0095CA2B: malloc.MSVCRT ref: 0095CA42
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Xmemmallocstd::tr1::_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 257571584-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • ERROR: core %u is out of range, xrefs: 0094D740, 0094D7A9
                                                                                                                                                                                                                  • ERROR: group %u is out of range, xrefs: 0094D70E
                                                                                                                                                                                                                  • ERROR: syntax error parsing affinity at highlighted character-%s, xrefs: 0094D769
                                                                                                                                                                                                                  • ERROR: incomplete affinity specification, xrefs: 0094D7C7
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: fprintf
                                                                                                                                                                                                                  • String ID: ERROR: core %u is out of range$ERROR: group %u is out of range$ERROR: incomplete affinity specification$ERROR: syntax error parsing affinity at highlighted character-%s
                                                                                                                                                                                                                  • API String ID: 383729395-1019511092
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?), ref: 009510AB
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 009510B8
                                                                                                                                                                                                                  • DeviceIoControl.KERNEL32(?,00070000,00000000,00000000,00000001,00000018,?,?), ref: 009510ED
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 009510F9
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0095110B
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00951115
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00951138
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • ERROR: Failed while waiting for event to be signaled (error code: %u), xrefs: 0095111C
                                                                                                                                                                                                                  • ERROR: Could not obtain drive geometry (error code: %u), xrefs: 00951129
                                                                                                                                                                                                                  • ERROR: Failed to create event (error code: %u), xrefs: 009510BF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$CloseControlCreateDeviceEventHandleObjectSingleWait
                                                                                                                                                                                                                  • String ID: ERROR: Could not obtain drive geometry (error code: %u)$ERROR: Failed to create event (error code: %u)$ERROR: Failed while waiting for event to be signaled (error code: %u)
                                                                                                                                                                                                                  • API String ID: 3935222316-3021154126
                                                                                                                                                                                                                  • Opcode ID: 7d4a07261ea214444676b55ab5f07e4c744a8b61d00e1ef0fbeb0e6c97645220
                                                                                                                                                                                                                  • Instruction ID: d2a2eaf09134dbdb87522621609db758e929f94f5f54630b59c9d03e88a687cb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d4a07261ea214444676b55ab5f07e4c744a8b61d00e1ef0fbeb0e6c97645220
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E921E272919545BF9B21DBA2DC09EBFBBBDEBC8712B100159FE01E2060DB718D04DB62
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 0095D4CE
                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 0095D4DD
                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0095D4E6
                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 0095D4EF
                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 0095D504
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1445889803-0
                                                                                                                                                                                                                  • Opcode ID: 092b3b54864637e4d2d084c8786aa75b53235c19497063a87f9d91034b8e807a
                                                                                                                                                                                                                  • Instruction ID: 35ec63475b811978038b8fc4542195ed37529f4c8658f30ac877afd683e1bd68
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 092b3b54864637e4d2d084c8786aa75b53235c19497063a87f9d91034b8e807a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E114971D1A208EBCB10CFA5E9486AEB7B4EB08392F554859E806D7264EB709A44DB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,0095D735,00941E98), ref: 0095D601
                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(0095D735,?,0095D735,00941E98), ref: 0095D60A
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(C0000409,?,0095D735,00941E98), ref: 0095D615
                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,0095D735,00941E98), ref: 0095D61C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3231755760-0
                                                                                                                                                                                                                  • Opcode ID: 1bfb193608ab67526145bd0b47e3a5de1992b2f6f1a69ac16b20474c68df44f8
                                                                                                                                                                                                                  • Instruction ID: d1b9e7371902f8d6bb1b2674ba3f823ca0d2d811448561f789b923257dfd6614
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1bfb193608ab67526145bd0b47e3a5de1992b2f6f1a69ac16b20474c68df44f8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2D0127201C604FFC7002BE1EC0CB593F29FB44352F448408F30A86060CFB14441EB61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • note that this can not be specified when using completion routines, xrefs: 0094D0C0
                                                                                                                                                                                                                  • IOPs time series in addition. [default=1000, 1 second]., xrefs: 0094D031
                                                                                                                                                                                                                  • -o<count> number of outstanding I/O requests per target per thread, xrefs: 0094D135
                                                                                                                                                                                                                  • -eREGISTRY registry calls, xrefs: 0094D43B
                                                                                                                                                                                                                  • -C<seconds> cool down time - duration of the test after measurements finished [default=0s]., xrefs: 0094D00A
                                                                                                                                                                                                                  • [default inactive], xrefs: 0094D0CD
                                                                                                                                                                                                                  • -ag group affinity - affinitize threads round-robin to cores in Processor Groups 0 - n., xrefs: 0094CF4A
                                                                                                                                                                                                                  • -l Use large pages for IO buffers, xrefs: 0094D10E
                                                                                                                                                                                                                  • to CPUs 0 and 1 (each file will have threads affinitized to both CPUs) and run read test, xrefs: 0094D4BD
                                                                                                                                                                                                                  • version %s (%s), xrefs: 0094CEEF
                                                                                                                                                                                                                  • -t<count> number of threads per target (conflicts with -F), xrefs: 0094D26D
                                                                                                                                                                                                                  • -ag0,0,1,2 -ag1,0,1,2 is equivalent., xrefs: 0094CFBC
                                                                                                                                                                                                                  • -n disable default affinity (-a), xrefs: 0094D128
                                                                                                                                                                                                                  • [default=2], xrefs: 0094D14F
                                                                                                                                                                                                                  • as seen by the target will not be truly sequential. Under -si the threads, xrefs: 0094D1D1
                                                                                                                                                                                                                  • -ag#,#[,#,...]> advanced CPU affinity - affinitize threads round-robin to the CPUs provided. The g# notation, xrefs: 0094CF6E
                                                                                                                                                                                                                  • -eDISK_IO physical disk IO, xrefs: 0094D40F
                                                                                                                                                                                                                  • -j<milliseconds> interval in <milliseconds> between issuing IO bursts; see -i [default: inactive], xrefs: 0094D0F4
                                                                                                                                                                                                                  • IMPORTANT: a write test will destroy existing data without a warning, xrefs: 0094D2C8
                                                                                                                                                                                                                  • per-target: text output provides IOPs standard deviation, XML provides the full, xrefs: 0094D024
                                                                                                                                                                                                                  • Synchronization:, xrefs: 0094D355
                                                                                                                                                                                                                  • Group 0 is filled before Group 1, and so forth., xrefs: 0094CF55
                                                                                                                                                                                                                  • -i<count> number of IOs per burst; see -j [default: inactive], xrefs: 0094D0E7
                                                                                                                                                                                                                  • -? display usage information, xrefs: 0094CF3F
                                                                                                                                                                                                                  • %s -c8192K -d1 testfile.dat, xrefs: 0094D471
                                                                                                                                                                                                                  • (creates a notification event if <eventname> does not exist), xrefs: 0094D36B, 0094D370, 0094D382, 0094D394, 0094D3A9
                                                                                                                                                                                                                  • -g<bytes per ms> throughput per-thread per-target throttled to given bytes per millisecond, xrefs: 0094D0B3
                                                                                                                                                                                                                  • I/O operations per thread, disable all caching mechanisms and run block-aligned random, xrefs: 0094D48E
                                                                                                                                                                                                                  • 2.0.17a, xrefs: 0094CEEA
                                                                                                                                                                                                                  • -S equivalent to -Su, xrefs: 0094D21F
                                                                                                                                                                                                                  • Create 8192KB file and run read test on it for 1 second:, xrefs: 0094D461
                                                                                                                                                                                                                  • Additional groups/processors may be added, comma separated, or on separate parameters., xrefs: 0094CF95
                                                                                                                                                                                                                  • <partition_drive_letter>:, xrefs: 0094CF22
                                                                                                                                                                                                                  • Examples:, xrefs: 0094D454
                                                                                                                                                                                                                  • non-conflicting flags may be combined in any order; ex: -Sbw, -Suw, -Swu, xrefs: 0094D212
                                                                                                                                                                                                                  • -eNETWORK TCP/IP, UDP/IP send & receive, xrefs: 0094D430
                                                                                                                                                                                                                  • -h deprecated, see -Sh, xrefs: 0094D0DA
                                                                                                                                                                                                                  • -ys<eventname> signals event <eventname> before starting the actual run (no warmup), xrefs: 0094D360
                                                                                                                                                                                                                  • -eMEMORY_PAGE_FAULTS all page faults, xrefs: 0094D41A
                                                                                                                                                                                                                  • -Sw enable writethrough (no hardware write caching), equivalent to FILE_FLAG_WRITE_THROUGH, xrefs: 0094D260
                                                                                                                                                                                                                  • -yf<eventname> signals event <eventname> after the actual run finishes (no cooldown), xrefs: 0094D377
                                                                                                                                                                                                                  • file_path, xrefs: 0094CF0C
                                                                                                                                                                                                                  • Available options:, xrefs: 0094CF34
                                                                                                                                                                                                                  • [default=0] (starting offset = base file offset + (thread number * <offs>), xrefs: 0094D287
                                                                                                                                                                                                                  • 2016/5/01, xrefs: 0094CEE5
                                                                                                                                                                                                                  • manipulate a shared offset with InterlockedIncrement, which may reduce throughput,, xrefs: 0094D1DE
                                                                                                                                                                                                                  • -f<size>[K|M|G|b] target size - use only the first <size> bytes or KiB/MiB/GiB/blocks of the file/disk/partition,, xrefs: 0094D04B
                                                                                                                                                                                                                  • -W<seconds> warm up time - duration of the test before measurements start [default=5s], xrefs: 0094D2D5
                                                                                                                                                                                                                  • -r<align>[K|M|G|b] random I/O aligned to <align> in bytes/KiB/MiB/GiB/blocks (overrides -s), xrefs: 0094D190
                                                                                                                                                                                                                  • -S[bhruw] control caching behavior [default: caching is enabled, no writethrough], xrefs: 0094D205
                                                                                                                                                                                                                  • lasting 10 seconds:, xrefs: 0094D4C8
                                                                                                                                                                                                                  • (ignored if -r is specified, makes sense only with -o2 or greater), xrefs: 0094D169
                                                                                                                                                                                                                  • -eTHREAD thread start & end, xrefs: 0094D3F9
                                                                                                                                                                                                                  • By default, the write buffers are filled with a repeating pattern (0, 1, 2, ..., 255, 0, 1, ...), xrefs: 0094D343
                                                                                                                                                                                                                  • Event Tracing:, xrefs: 0094D3C2
                                                                                                                                                                                                                  • -Z<size>[K|M|G|b],<file> use a <size> buffer filled with data from <file> as a source for write operations., xrefs: 0094D331
                                                                                                                                                                                                                  • may be specified, and groups/cores may be repeated. If no group is specified, 0 is assumed., xrefs: 0094CF88
                                                                                                                                                                                                                  • -T<offs>[K|M|G|b] starting stride between I/O operations performed on the same target by different threads, xrefs: 0094D27A
                                                                                                                                                                                                                  • -f<rst> open file with one or more additional access hints, xrefs: 0094D065
                                                                                                                                                                                                                  • -z[seed] set random seed [with no -z, seed=0; with plain -z, seed is based on system run time], xrefs: 0094D2FC
                                                                                                                                                                                                                  • -eMEMORY_HARD_FAULTS hard faults only, xrefs: 0094D425
                                                                                                                                                                                                                  • [default = q, query perf timer (qpc)], xrefs: 0094D3D8
                                                                                                                                                                                                                  • -Sr disable local caching, with remote sw caching enabled; only valid for remote filesystems, xrefs: 0094D253
                                                                                                                                                                                                                  • %s -c1G -b4K -t2 -d10 -a0,1 testfile1.dat testfile2.dat, xrefs: 0094D4D6
                                                                                                                                                                                                                  • [default: none], xrefs: 0094D099
                                                                                                                                                                                                                  • -X<filepath> use an XML file for configuring the workload. Cannot be used with other parameters., xrefs: 0094D2EF
                                                                                                                                                                                                                  • completed I/O operations, counted separately by each thread , xrefs: 0094D183
                                                                                                                                                                                                                  • t : the FILE_ATTRIBUTE_TEMPORARY hint, xrefs: 0094D08C
                                                                                                                                                                                                                  • -Z zero buffers used for write tests, xrefs: 0094D31B
                                                                                                                                                                                                                  • -yp<eventname> stops the run when event <eventname> is set; CTRL+C is bound to this event, xrefs: 0094D39E
                                                                                                                                                                                                                  • -ePROCESS process start & end, xrefs: 0094D3EE
                                                                                                                                                                                                                  • (1=synchronous I/O, unless more than 1 thread is specified with -F), xrefs: 0094D142
                                                                                                                                                                                                                  • -Su disable software caching, equivalent to FILE_FLAG_NO_BUFFERING, xrefs: 0094D246
                                                                                                                                                                                                                  • Examples: -a0,1,2 and -ag0,0,1,2 are equivalent., xrefs: 0094CFA2
                                                                                                                                                                                                                  • -s[i]<size>[K|M|G|b] sequential stride size, offset between subsequent I/O operations, xrefs: 0094D1AA
                                                                                                                                                                                                                  • [default access=non-interlocked sequential, default stride=block size], xrefs: 0094D1B7
                                                                                                                                                                                                                  • -b<size>[K|M|G] block size in bytes or KiB/MiB/GiB [default=64K], xrefs: 0094CFC9
                                                                                                                                                                                                                  • (ignored if -r specified, -si conflicts with -T and -p), xrefs: 0094D1F8
                                                                                                                                                                                                                  • Usage: %s [options] target1 [ target2 [ target3 ...] ], xrefs: 0094CEDA
                                                                                                                                                                                                                  • specifies Processor Groups for the following CPU core #s. Multiple Processor Groups, xrefs: 0094CF7B
                                                                                                                                                                                                                  • -d<seconds> duration (in seconds) to run test [default=10s], xrefs: 0094D03E
                                                                                                                                                                                                                  • for example to test only the first sectors of a disk, xrefs: 0094D058
                                                                                                                                                                                                                  • -e<q|c|s> Use query perf timer (qpc), cycle count, or system timer respectively., xrefs: 0094D3CD
                                                                                                                                                                                                                  • -p start parallel sequential I/O operations with the same offset, xrefs: 0094D15C
                                                                                                                                                                                                                  • -ag0,0,1,2,g1,0,1,2 specifies the first three cores in groups 0 and 1., xrefs: 0094CFAF
                                                                                                                                                                                                                  • absence of this switch indicates 100%% reads, xrefs: 0094D2BB
                                                                                                                                                                                                                  • -P<count> enable printing a progress dot after each <count> [default=65536], xrefs: 0094D176
                                                                                                                                                                                                                  • -ep use paged memory for the NT Kernel Logger [default=non-paged memory], xrefs: 0094D3E3
                                                                                                                                                                                                                  • access read test lasting 10 seconds:, xrefs: 0094D499
                                                                                                                                                                                                                  • #<physical drive number>, xrefs: 0094CF17
                                                                                                                                                                                                                  • Write buffers:, xrefs: 0094D310
                                                                                                                                                                                                                  • -Sh equivalent -Suw, xrefs: 0094D239
                                                                                                                                                                                                                  • -c<size>[K|M|G|b] create files of the given size., xrefs: 0094CFF0
                                                                                                                                                                                                                  • r : the FILE_FLAG_RANDOM_ACCESS hint, xrefs: 0094D072
                                                                                                                                                                                                                  • -w<percentage> percentage of write requests (-w and -w0 are equivalent and result in a read-only workload)., xrefs: 0094D2AE
                                                                                                                                                                                                                  • -R<text|xml> output format. Default is text., xrefs: 0094D19D
                                                                                                                                                                                                                  • -Z<size>[K|M|G|b] use a <size> buffer filled with random data as a source for write operations., xrefs: 0094D326
                                                                                                                                                                                                                  • %s -b4K -t2 -r -o32 -d10 -h testfile.dat, xrefs: 0094D4A7
                                                                                                                                                                                                                  • Set block size to 4KB, create 2 threads per file, 32 overlapped (outstanding), xrefs: 0094D483
                                                                                                                                                                                                                  • -Sb enable caching (default, explicitly stated), xrefs: 0094D22C
                                                                                                                                                                                                                  • Available targets:, xrefs: 0094CF01
                                                                                                                                                                                                                  • In non-interlocked mode, threads do not coordinate, so the pattern of offsets, xrefs: 0094D1C4
                                                                                                                                                                                                                  • [default; use -n to disable default affinity], xrefs: 0094CF63
                                                                                                                                                                                                                  • -D<milliseconds> Capture IOPs statistics in intervals of <milliseconds>; these are per-thread, xrefs: 0094D017
                                                                                                                                                                                                                  • -I<priority> Set IO priority to <priority>. Available values are: 1-very low, 2-low, 3-normal (default), xrefs: 0094D101
                                                                                                                                                                                                                  • -ye<eventname> sets event <eventname> and quits, xrefs: 0094D3B0
                                                                                                                                                                                                                  • but promotes a more sequential pattern., xrefs: 0094D1EB
                                                                                                                                                                                                                  • Size can be stated in bytes or KiB/MiB/GiB/blocks, xrefs: 0094CFFD
                                                                                                                                                                                                                  • -L measure latency statistics, xrefs: 0094D11B
                                                                                                                                                                                                                  • -v verbose mode, xrefs: 0094D2A1
                                                                                                                                                                                                                  • (offset from the beginning of the file), xrefs: 0094CFE3
                                                                                                                                                                                                                  • -eIMAGE_LOAD image load, xrefs: 0094D404
                                                                                                                                                                                                                  • -F<count> total number of threads (conflicts with -t), xrefs: 0094D0A6
                                                                                                                                                                                                                  • s : the FILE_FLAG_SEQUENTIAL_SCAN hint, xrefs: 0094D07F
                                                                                                                                                                                                                  • -B<offs>[K|M|G|b] base target offset in bytes or KiB/MiB/GiB/blocks [default=0], xrefs: 0094CFD6
                                                                                                                                                                                                                  • -yr<eventname> waits on event <eventname> before starting the run (including warmup), xrefs: 0094D389
                                                                                                                                                                                                                  • Create two 1GB files, set block size to 4KB, create 2 threads per file, affinitize threads, xrefs: 0094D4B2
                                                                                                                                                                                                                  • makes sense only with #threads > 1, xrefs: 0094D294
                                                                                                                                                                                                                  • -x use completion routines instead of I/O Completion Ports, xrefs: 0094D2E2
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: printf
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • ERROR: -g throughput control cannot be used with -x completion routines, xrefs: 0094BDBD
                                                                                                                                                                                                                  • WARNING: -z is ignored if -r is not provided, xrefs: 0094BE93
                                                                                                                                                                                                                  • ERROR: -si conflicts with -p, xrefs: 0094BEDC
                                                                                                                                                                                                                  • ERROR: affinity assignment to group %u core %u not possible; core is not active (current mask 0x%Ix), xrefs: 0094BCFF
                                                                                                                                                                                                                  • ERROR: -p conflicts with -r, xrefs: 0094BE61
                                                                                                                                                                                                                  • ERROR: -si conflicts with -r, xrefs: 0094BE3C
                                                                                                                                                                                                                  • WARNING: target access pattern will not be sequential, consider -si, xrefs: 0094BF23
                                                                                                                                                                                                                  • ERROR: no timespans specified, xrefs: 0094BBFB
                                                                                                                                                                                                                  • ERROR: -T conflicts with -r, xrefs: 0094BE1B
                                                                                                                                                                                                                  • WARNING: Complete CPU utilization cannot currently be gathered within DISKSPD for this system. Use alternate mechanisms to gather this data such as perfmon/logman. Active KGroups %u > 1 and/or processor count %u > 64., xrefs: 0094BBC5
                                                                                                                                                                                                                  • ERROR: -n and -a parameters cannot be used together, xrefs: 0094BD3C
                                                                                                                                                                                                                  • WARNING: single-threaded test, -si ignored, xrefs: 0094BEFE
                                                                                                                                                                                                                  • ERROR: affinity assignment to group %u core %u not possible; group only has %u cores, xrefs: 0094BCAA
                                                                                                                                                                                                                  • ERROR: -F and -t parameters cannot be used together, xrefs: 0094BD96
                                                                                                                                                                                                                  • ERROR: affinity assignment to group %u; system only has %u groups, xrefs: 0094BC5C
                                                                                                                                                                                                                  • ERROR: -si conflicts with -T, xrefs: 0094BEBB
                                                                                                                                                                                                                  • WARNING: -p does not have effect unless outstanding I/O count (-o) is > 1, xrefs: 0094BE77
                                                                                                                                                                                                                  • ERROR: -T has no effect unless multiple threads per target are used, xrefs: 0094BF2F
                                                                                                                                                                                                                  • ERROR: custom write buffer (-Z) is smaller than the block size. Write buffer size: %I64u block size: %u, xrefs: 0094BF68
                                                                                                                                                                                                                  • ERROR: need to specify -j<think time> with -i<burst size>, xrefs: 0094BDEE
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: fprintf$__iob_func
                                                                                                                                                                                                                  • String ID: ERROR: -F and -t parameters cannot be used together$ERROR: -T conflicts with -r$ERROR: -T has no effect unless multiple threads per target are used$ERROR: -g throughput control cannot be used with -x completion routines$ERROR: -n and -a parameters cannot be used together$ERROR: -p conflicts with -r$ERROR: -si conflicts with -T$ERROR: -si conflicts with -p$ERROR: -si conflicts with -r$ERROR: affinity assignment to group %u core %u not possible; core is not active (current mask 0x%Ix)$ERROR: affinity assignment to group %u core %u not possible; group only has %u cores$ERROR: affinity assignment to group %u; system only has %u groups$ERROR: custom write buffer (-Z) is smaller than the block size. Write buffer size: %I64u block size: %u$ERROR: need to specify -j<think time> with -i<burst size>$ERROR: no timespans specified$WARNING: -p does not have effect unless outstanding I/O count (-o) is > 1$WARNING: -z is ignored if -r is not provided$WARNING: Complete CPU utilization cannot currently be gathered within DISKSPD for this system. Use alternate mechanisms to gather this data such as perfmon/logman. Active KGroups %u > 1 and/or processor count %u > 64.$WARNING: single-threaded test, -si ignored$WARNING: target access pattern will not be sequential, consider -si
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • sprintf_s.MSVCRT ref: 0094B8BC
                                                                                                                                                                                                                    • Part of subcall function 0094B41D: sprintf_s.MSVCRT ref: 0094B51C
                                                                                                                                                                                                                    • Part of subcall function 0094B41D: sprintf_s.MSVCRT ref: 0094B550
                                                                                                                                                                                                                    • Part of subcall function 0094A1B9: memcpy.MSVCRT ref: 0094A1DB
                                                                                                                                                                                                                    • Part of subcall function 0094A1B9: ??3@YAXPAX@Z.MSVCRT ref: 0094A1E4
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: sprintf_s$??3@memcpy
                                                                                                                                                                                                                  • String ID: </Profile>$</TimeSpans>$<DiskIO>false</DiskIO>$<DiskIO>true</DiskIO>$<ImageLoad>false</ImageLoad>$<ImageLoad>true</ImageLoad>$<MemoryHardFaults>false</MemoryHardFaults>$<MemoryHardFaults>true</MemoryHardFaults>$<MemoryPageFaults>false</MemoryPageFaults>$<MemoryPageFaults>true</MemoryPageFaults>$<Network>false</Network>$<Network>true</Network>$<PrecreateFiles>CreateOnlyFilesWithConstantOrZeroSizes</PrecreateFiles>$<PrecreateFiles>CreateOnlyFilesWithConstantSizes</PrecreateFiles>$<PrecreateFiles>UseMaxSize</PrecreateFiles>$<Process>false</Process>$<Process>true</Process>$<Profile>$<Progress>%u</Progress>$<Registry>false</Registry>$<Registry>true</Registry>$<ResultFormat>* UNSUPPORTED *</ResultFormat>$<ResultFormat>text</ResultFormat>$<ResultFormat>xml</ResultFormat>$<Thread>false</Thread>$<Thread>true</Thread>$<TimeSpans>$<UseCyclesCounter>false</UseCyclesCounter>$<UseCyclesCounter>true</UseCyclesCounter>$<UsePagedMemory>false</UsePagedMemory>$<UsePagedMemory>true</UsePagedMemory>$<UsePerfTimer>false</UsePerfTimer>$<UsePerfTimer>true</UsePerfTimer>$<UseSystemTimer>false</UseSystemTimer>$<UseSystemTimer>true</UseSystemTimer>$<Verbose>false</Verbose>$<Verbose>true</Verbose>
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: sprintf_s
                                                                                                                                                                                                                  • String ID: </Affinity>$</Targets>$</TimeSpan>$<Affinity>$<AffinityGroupAssignment Group="%u" Processor="%u"/>$<CalculateIopsStdDev>false</CalculateIopsStdDev>$<CalculateIopsStdDev>true</CalculateIopsStdDev>$<CompletionRoutines>false</CompletionRoutines>$<CompletionRoutines>true</CompletionRoutines>$<Cooldown>%u</Cooldown>$<DisableAffinity>false</DisableAffinity>$<DisableAffinity>true</DisableAffinity>$<Duration>%u</Duration>$<IoBucketDuration>%u</IoBucketDuration>$<MeasureLatency>false</MeasureLatency>$<MeasureLatency>true</MeasureLatency>$<RandSeed>%u</RandSeed>$<Targets>$<ThreadCount>%u</ThreadCount>$<TimeSpan>$<Warmup>%u</Warmup>
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00950004
                                                                                                                                                                                                                    • Part of subcall function 0095086D: __EH_prolog3_GS.LIBCMT ref: 00950877
                                                                                                                                                                                                                    • Part of subcall function 0095086D: memset.MSVCRT ref: 0095090E
                                                                                                                                                                                                                    • Part of subcall function 0095086D: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 00950949
                                                                                                                                                                                                                    • Part of subcall function 0095086D: SysFreeString.OLEAUT32(?), ref: 0095097D
                                                                                                                                                                                                                    • Part of subcall function 0095086D: VariantClear.OLEAUT32(?), ref: 0095098A
                                                                                                                                                                                                                    • Part of subcall function 009506E9: __EH_prolog3_GS.LIBCMT ref: 009506F0
                                                                                                                                                                                                                    • Part of subcall function 009506E9: _wtoi.MSVCRT ref: 0095075A
                                                                                                                                                                                                                    • Part of subcall function 009506E9: SysFreeString.OLEAUT32(?), ref: 00950769
                                                                                                                                                                                                                    • Part of subcall function 009506E9: VariantClear.OLEAUT32(?), ref: 00950773
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog3_$ClearFreeStringVariant$ByteCharMultiWide_wtoimemset
                                                                                                                                                                                                                  • String ID: BaseFileOffset$BlockSize$BurstSize$DisableAllCache$DisableLocalCache$DisableOSCache$FileSize$IOPriority$InterlockedSequential$MaxFileSize$ParallelAsyncIO$Path$Random$RandomAccess$RequestCount$SequentialScan$StrideSize$TemporaryFile$ThinkTime$ThreadStride$ThreadsPerFile$Throughput$UseLargePages$WriteRatio$WriteThrough
                                                                                                                                                                                                                  • API String ID: 283221528-1607452813
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00951C76
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • t[%u:%u] new I/O op at %I64u (starting in block: %I64u), xrefs: 00951C90
                                                                                                                                                                                                                  • write, xrefs: 00951D78
                                                                                                                                                                                                                  • Warning: thread %u transferred %u bytes instead of %u bytes, xrefs: 00951BDF
                                                                                                                                                                                                                  • Thread %u failed executing an I/O operation (error code: %u), xrefs: 00951B8D
                                                                                                                                                                                                                  • t[%u:%u] error during %s error code: %u), xrefs: 00951D8C
                                                                                                                                                                                                                  • read, xrefs: 00951D71, 00951D84
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                  • String ID: Thread %u failed executing an I/O operation (error code: %u)$Warning: thread %u transferred %u bytes instead of %u bytes$read$t[%u:%u] error during %s error code: %u)$t[%u:%u] new I/O op at %I64u (starting in block: %I64u)$write
                                                                                                                                                                                                                  • API String ID: 885266447-1044934336
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?), ref: 00950FD6
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00950FE3
                                                                                                                                                                                                                  • DeviceIoControl.KERNEL32(?,00074004,00000000,00000000,?,00000020,?,00000003), ref: 00951015
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00951021
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00951033
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0095103D
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00951060
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • ERROR: Could not obtain partition info (error code: %u), xrefs: 00951051
                                                                                                                                                                                                                  • ERROR: Failed while waiting for event to be signaled (error code: %u), xrefs: 00951044
                                                                                                                                                                                                                  • ERROR: Failed to create event (error code: %u), xrefs: 00950FEA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$CloseControlCreateDeviceEventHandleObjectSingleWait
                                                                                                                                                                                                                  • String ID: ERROR: Could not obtain partition info (error code: %u)$ERROR: Failed to create event (error code: %u)$ERROR: Failed while waiting for event to be signaled (error code: %u)
                                                                                                                                                                                                                  • API String ID: 3935222316-1037057180
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00950583
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: __EH_prolog3_GS.LIBCMT ref: 0094F165
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: VariantClear.OLEAUT32 ref: 0094F17A
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F215
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: SysAllocString.OLEAUT32(00000000), ref: 0094F228
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: free.MSVCRT(00000000,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F257
                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 009506CC
                                                                                                                                                                                                                    • Part of subcall function 00950790: __EH_prolog3_GS.LIBCMT ref: 00950797
                                                                                                                                                                                                                    • Part of subcall function 00950790: _wtoi.MSVCRT ref: 0095081D
                                                                                                                                                                                                                    • Part of subcall function 00950790: SysFreeString.OLEAUT32(?), ref: 0095082C
                                                                                                                                                                                                                    • Part of subcall function 00950790: SysFreeString.OLEAUT32(?), ref: 0095083D
                                                                                                                                                                                                                  • fprintf.MSVCRT ref: 0095066A
                                                                                                                                                                                                                  • fprintf.MSVCRT ref: 00950692
                                                                                                                                                                                                                    • Part of subcall function 0095D7CD: __iob_func.MSVCRT ref: 0095D7D2
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • ERROR: profile specifies group assignment group %u, out of range, xrefs: 00950684
                                                                                                                                                                                                                  • Group, xrefs: 00950629
                                                                                                                                                                                                                  • ERROR: profile specifies group assignment to core %u, out of range, xrefs: 0095065C
                                                                                                                                                                                                                  • Processor, xrefs: 00950643
                                                                                                                                                                                                                  • Affinity/AffinityGroupAssignment, xrefs: 00950592
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog3_String$ClearFreeVariantfprintf$AllocByteCharMultiWide__iob_func_wtoifree
                                                                                                                                                                                                                  • String ID: Affinity/AffinityGroupAssignment$ERROR: profile specifies group assignment group %u, out of range$ERROR: profile specifies group assignment to core %u, out of range$Group$Processor
                                                                                                                                                                                                                  • API String ID: 1108869389-696485494
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ReadFileEx.KERNEL32(00000010,00000000,00000004,?,00951B60,000000B8,00000000,?), ref: 00951E66
                                                                                                                                                                                                                  • WriteFileEx.KERNEL32(00000010,00000000,?,00000000,00000004,?,00951B60,000000B8,00000000,?), ref: 00951E92
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00951EEE
                                                                                                                                                                                                                  • WaitForSingleObjectEx.KERNEL32(?,000000FF,00000001,000000B8,00000000,?), ref: 00951F20
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$ErrorLastObjectReadSingleWaitWrite
                                                                                                                                                                                                                  • String ID: Error in thread %u during WaitForSingleObjectEx (in completion routines)$read$t[%u:%u] error during %s error code: %u)$write
                                                                                                                                                                                                                  • API String ID: 781436170-3983133461
                                                                                                                                                                                                                  • Opcode ID: 7878bc6640520d5d02cd4bdc36c0cc20f04ad2e5f99147926b891f519ea71559
                                                                                                                                                                                                                  • Instruction ID: 93042b927d5283a38e3db79c7f15d1bfe7a014ada4c73c5ac1760b0faae2b722
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7878bc6640520d5d02cd4bdc36c0cc20f04ad2e5f99147926b891f519ea71559
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC516875E0061AAFCB14CF9AC881BAEBBB5FB48311F158569EC15A3250C730AC99CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 0094FE84
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: __EH_prolog3_GS.LIBCMT ref: 0094F165
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: VariantClear.OLEAUT32 ref: 0094F17A
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F215
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: SysAllocString.OLEAUT32(00000000), ref: 0094F228
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: free.MSVCRT(00000000,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F257
                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 0094FFE0
                                                                                                                                                                                                                    • Part of subcall function 0095086D: __EH_prolog3_GS.LIBCMT ref: 00950877
                                                                                                                                                                                                                    • Part of subcall function 0095086D: memset.MSVCRT ref: 0095090E
                                                                                                                                                                                                                    • Part of subcall function 0095086D: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 00950949
                                                                                                                                                                                                                    • Part of subcall function 0095086D: SysFreeString.OLEAUT32(?), ref: 0095097D
                                                                                                                                                                                                                    • Part of subcall function 0095086D: VariantClear.OLEAUT32(?), ref: 0095098A
                                                                                                                                                                                                                    • Part of subcall function 0094C383: memcmp.MSVCRT ref: 0094C3AF
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ClearH_prolog3_Variant$ByteCharMultiStringWide$AllocFreefreememcmpmemset
                                                                                                                                                                                                                  • String ID: Pattern$WriteBufferContent$random$sequential$zero
                                                                                                                                                                                                                  • API String ID: 1455204710-842192564
                                                                                                                                                                                                                  • Opcode ID: 434efd4d1dc17def218d4c3e4e90bda8308f4c1f5b455b5ab23fe76c62046930
                                                                                                                                                                                                                  • Instruction ID: d447a596ae11e1776b3ec7a40161916d42a4ae470d105234fdb73da4cbf1ffb0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 434efd4d1dc17def218d4c3e4e90bda8308f4c1f5b455b5ab23fe76c62046930
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F141D971C11229AFDB21DBA0CC65FEE7BB8AF46320F050068F901B7281DB706D49CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • printf.MSVCRT ref: 00949DA0
                                                                                                                                                                                                                  • SetEvent.KERNEL32 ref: 00949DAD
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00949DB7
                                                                                                                                                                                                                    • Part of subcall function 0095D7CD: __iob_func.MSVCRT ref: 0095D7D2
                                                                                                                                                                                                                  • fprintf.MSVCRT ref: 00949DCC
                                                                                                                                                                                                                  • SetConsoleCtrlHandler.KERNEL32(00949D90,00000000), ref: 00949DDC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • Warning: Setting abort event failed (error code: %u), xrefs: 00949DBE
                                                                                                                                                                                                                  • *** Interrupted by Ctrl-C. Stopping I/O Request Generator. ***, xrefs: 00949D9B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ConsoleCtrlErrorEventHandlerLast__iob_funcfprintfprintf
                                                                                                                                                                                                                  • String ID: *** Interrupted by Ctrl-C. Stopping I/O Request Generator. ***$Warning: Setting abort event failed (error code: %u)
                                                                                                                                                                                                                  • API String ID: 2832824574-2030963000
                                                                                                                                                                                                                  • Opcode ID: 400a4cbcc38c6c3c68c163e968c4f670ba945461624be51732226e28b9b2a822
                                                                                                                                                                                                                  • Instruction ID: 0d2d2f1afe06ed99d0d83aaf0cd9545ce883ffea6fb8fc55ec7590d09669d6af
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 400a4cbcc38c6c3c68c163e968c4f670ba945461624be51732226e28b9b2a822
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6DF06D31A6CA40AFE7102BB1BC0EF2B3A5DEB84716F51442DF605D00E2EAF14494E621
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0095834C: memset.MSVCRT ref: 00958379
                                                                                                                                                                                                                    • Part of subcall function 0095834C: vsprintf_s.MSVCRT ref: 0095838D
                                                                                                                                                                                                                  • sprintf_s.MSVCRT ref: 00958F18
                                                                                                                                                                                                                  • sprintf_s.MSVCRT ref: 00958FED
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • -------------------------------------------, xrefs: 00958E50, 00958F90
                                                                                                                                                                                                                  • CPU | Usage | User | Kernel | Idle, xrefs: 00958E41
                                                                                                                                                                                                                  • %4u| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%, xrefs: 00958F0D
                                                                                                                                                                                                                  • avg.| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%, xrefs: 00958FE2
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: sprintf_s$memsetvsprintf_s
                                                                                                                                                                                                                  • String ID: CPU | Usage | User | Kernel | Idle$%4u| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%$-------------------------------------------$avg.| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%
                                                                                                                                                                                                                  • API String ID: 1157834829-6584663
                                                                                                                                                                                                                  • Opcode ID: 81a5fbb46007e9c6a86a3afdd40a5a3c8ceda9ae3a21fab4d0e625511a480c20
                                                                                                                                                                                                                  • Instruction ID: 3dd183e75a55e77dafcded55bdf16bf2445f4e0e26fa9563ba6e52cd47e996ff
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81a5fbb46007e9c6a86a3afdd40a5a3c8ceda9ae3a21fab4d0e625511a480c20
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA518C71A08B05A7D305AF61D449A5BFBB8FBC4384F614C8CF5C4611AAEF32897897C6
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?), ref: 00951273
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00951280
                                                                                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,000902B8,00000000,00000000,00000000,00000000,00000000,?), ref: 00951297
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 009512A1
                                                                                                                                                                                                                  • GetOverlappedResult.KERNEL32(00000000,?,00000000,00000001), ref: 009512BC
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 009512C6
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 009512DC
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$CloseControlCreateDeviceEventHandleOverlappedResult
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2847295715-0
                                                                                                                                                                                                                  • Opcode ID: acd38f01be77d8d872a2d4ffa0569bebe3738033a2ab2b2896a0bcd35c6c1223
                                                                                                                                                                                                                  • Instruction ID: 42b2903034fe40556ea441e54c0e3e3e73163bd15890b27f8e245ee0f08a8cbd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: acd38f01be77d8d872a2d4ffa0569bebe3738033a2ab2b2896a0bcd35c6c1223
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87115E71A04619BFEB209BA6DC49BEFBB7DEB04352F000165FE05E2150D6B04D45D7E2
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ??3@$Xmemstd::tr1::_$mallocmemmove
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4037358618-0
                                                                                                                                                                                                                  • Opcode ID: 168484a0347d1562d3c38a26af87832fd85db87b305db53ac6d582d7b80135b4
                                                                                                                                                                                                                  • Instruction ID: e67de49d83648b19b1f29b574e77deb8936b9d376bcdda1818cac696e2ed2af1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 168484a0347d1562d3c38a26af87832fd85db87b305db53ac6d582d7b80135b4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AF414572504614EFCB24DF6AD991A5AFBEDEF8A721B15816EFC04CB205DA71DD00CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 0094F165
                                                                                                                                                                                                                  • VariantClear.OLEAUT32 ref: 0094F17A
                                                                                                                                                                                                                  • malloc.MSVCRT ref: 0094F1E8
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F215
                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 0094F228
                                                                                                                                                                                                                  • free.MSVCRT(00000000,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F257
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocByteCharClearH_prolog3_MultiStringVariantWidefreemalloc
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1623262104-0
                                                                                                                                                                                                                  • Opcode ID: 799b0b92d39752b614bfc92d4ac9b42dd6148620a2f28462ec101ce5a0f1d483
                                                                                                                                                                                                                  • Instruction ID: 764018b5191607f3cd2e4badad66df4608894ee00fd38a792964b7af25aa8395
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 799b0b92d39752b614bfc92d4ac9b42dd6148620a2f28462ec101ce5a0f1d483
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5310635904607DBCF24CF68DCA4AAD77A8EF85320B24413EE925DB291DBB48D05CB51
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • Invalid size specifier '%c'. Valid ones are: K - KB, M - MB, G - GB, B - block, xrefs: 0094CCC1
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __aulldiv$fprintftoupper
                                                                                                                                                                                                                  • String ID: Invalid size specifier '%c'. Valid ones are: K - KB, M - MB, G - GB, B - block
                                                                                                                                                                                                                  • API String ID: 2363179844-1600532622
                                                                                                                                                                                                                  • Opcode ID: 31eb296472fd59dfe9646e7425e2b78f5d8e1f6b7f20212e8b3d9c026529872a
                                                                                                                                                                                                                  • Instruction ID: 2420c6b9ef39531027d5f5ff8aa484aa4d4c80e51cf3a454aa1e4b3c740ed940
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31eb296472fd59dfe9646e7425e2b78f5d8e1f6b7f20212e8b3d9c026529872a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56414DF19492519FC760CF298844F6B7FD8EBC6360F154A2AF8999B2D0D2309C05CB96
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 0094FD38
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: __EH_prolog3_GS.LIBCMT ref: 0094F165
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: VariantClear.OLEAUT32 ref: 0094F17A
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F215
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: SysAllocString.OLEAUT32(00000000), ref: 0094F228
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: free.MSVCRT(00000000,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F257
                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 0094FE60
                                                                                                                                                                                                                    • Part of subcall function 009509AA: __EH_prolog3_GS.LIBCMT ref: 009509B1
                                                                                                                                                                                                                    • Part of subcall function 009509AA: _wtoi64.MSVCRT ref: 00950A1B
                                                                                                                                                                                                                    • Part of subcall function 009509AA: SysFreeString.OLEAUT32(?), ref: 00950A2D
                                                                                                                                                                                                                    • Part of subcall function 009509AA: VariantClear.OLEAUT32(?), ref: 00950A37
                                                                                                                                                                                                                    • Part of subcall function 0095086D: __EH_prolog3_GS.LIBCMT ref: 00950877
                                                                                                                                                                                                                    • Part of subcall function 0095086D: memset.MSVCRT ref: 0095090E
                                                                                                                                                                                                                    • Part of subcall function 0095086D: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 00950949
                                                                                                                                                                                                                    • Part of subcall function 0095086D: SysFreeString.OLEAUT32(?), ref: 0095097D
                                                                                                                                                                                                                    • Part of subcall function 0095086D: VariantClear.OLEAUT32(?), ref: 0095098A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ClearH_prolog3_Variant$String$ByteCharFreeMultiWide$Alloc_wtoi64freememset
                                                                                                                                                                                                                  • String ID: FilePath$RandomDataSource$SizeInBytes
                                                                                                                                                                                                                  • API String ID: 315616386-221587684
                                                                                                                                                                                                                  • Opcode ID: 2a4fa1b67a2ae2e8d5ab560e89ba45e24acb451e212c224c216f9db108517cf5
                                                                                                                                                                                                                  • Instruction ID: 20cbd095b8c461799bb1162171cce05e8d30f4854b2bfd33e5bc9d9da22777da
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a4fa1b67a2ae2e8d5ab560e89ba45e24acb451e212c224c216f9db108517cf5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA41B231D016299FCF25EBA8C865FEEB7B4AF48711F050128ED15BB251D7706D09CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 0095047C
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: __EH_prolog3_GS.LIBCMT ref: 0094F165
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: VariantClear.OLEAUT32 ref: 0094F17A
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F215
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: SysAllocString.OLEAUT32(00000000), ref: 0094F228
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: free.MSVCRT(00000000,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F257
                                                                                                                                                                                                                  • _wtoi.MSVCRT ref: 0095052F
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00950543
                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 0095055F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • Affinity/AffinityAssignment, xrefs: 0095048B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wtoifree
                                                                                                                                                                                                                  • String ID: Affinity/AffinityAssignment
                                                                                                                                                                                                                  • API String ID: 1474463088-139104479
                                                                                                                                                                                                                  • Opcode ID: 728a1c9e56b40f4cab6359755d1de3b9e38e90059aaec4bf59c0d28fde340550
                                                                                                                                                                                                                  • Instruction ID: 7fa78f388bf3a912e8167befc235955ba7556ccf3602380c8d96cded685d9979
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 728a1c9e56b40f4cab6359755d1de3b9e38e90059aaec4bf59c0d28fde340550
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64318171D0462ADFCF15DFA9C8549AEBBB4BF89311F014058F906B7250DB70AD06DBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00950A8B
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: __EH_prolog3_GS.LIBCMT ref: 0094F165
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: VariantClear.OLEAUT32 ref: 0094F17A
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F215
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: SysAllocString.OLEAUT32(00000000), ref: 0094F228
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: free.MSVCRT(00000000,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F257
                                                                                                                                                                                                                  • _wcsicmp.MSVCRT ref: 00950AFA
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00950B10
                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00950B1A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wcsicmpfree
                                                                                                                                                                                                                  • String ID: true
                                                                                                                                                                                                                  • API String ID: 1156377413-4261170317
                                                                                                                                                                                                                  • Opcode ID: 72e8e704c27fca0eed0f0ba9253aaf3ea091bdd63dad027f088b4839d294738f
                                                                                                                                                                                                                  • Instruction ID: 1b83c37232a649d371e132ea7b8b986c3bb62794dc25cd12fdbd84e4c360828e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72e8e704c27fca0eed0f0ba9253aaf3ea091bdd63dad027f088b4839d294738f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E11EF31D0861ADFCF05DFA8C854EEE7BB4EF49315F014048E911AB261DB71AD0ADBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00950877
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: __EH_prolog3_GS.LIBCMT ref: 0094F165
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: VariantClear.OLEAUT32 ref: 0094F17A
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F215
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: SysAllocString.OLEAUT32(00000000), ref: 0094F228
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: free.MSVCRT(00000000,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F257
                                                                                                                                                                                                                  • memset.MSVCRT ref: 0095090E
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 00950949
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 0095097D
                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 0095098A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharClearH_prolog3_MultiStringVariantWide$AllocFreefreememset
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3350116639-0
                                                                                                                                                                                                                  • Opcode ID: 9c0abad695d67c700d41d56b244ebeb1bd1410ea859a9f0e2c717c90349065ff
                                                                                                                                                                                                                  • Instruction ID: 6fd7ba026d17a13d2d910db3da1969543047a590984a5c1e8f38035beff8989f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c0abad695d67c700d41d56b244ebeb1bd1410ea859a9f0e2c717c90349065ff
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B318D359002299BCF24EB25CC6AFDEB779EF85700F014099FA0AA7251DA706F85CF90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: rand
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 415692148-0
                                                                                                                                                                                                                  • Opcode ID: 47c18121f3b883126e1fe7367bad0a615a47d0b2edb7236d68eb334122f8b2cd
                                                                                                                                                                                                                  • Instruction ID: 5f17615d3c9d13731cc7f2e05cda59b977cb989c8f2465282db009e5490f75d8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47c18121f3b883126e1fe7367bad0a615a47d0b2edb7236d68eb334122f8b2cd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B01F773E2D62A6BE3409BA4CC863297692DB84250F0B0134FA3CD7281C97C9C21B6E1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __aullrem$__aulldiv
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3670715282-0
                                                                                                                                                                                                                  • Opcode ID: 754fef53222c85af97132c4c6f2970ad45c246b85e278bd0114cd496febdb416
                                                                                                                                                                                                                  • Instruction ID: 541f65c5ae060b9b0ec3f82ddbcb48cd69ea0c748a4e1dbeb7b4eafa7045a879
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 754fef53222c85af97132c4c6f2970ad45c246b85e278bd0114cd496febdb416
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD5149B19083119FC714CF29C580B1ABBEAEFC8754F154A5DF884A7222DB30ED59CB96
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00950797
                                                                                                                                                                                                                    • Part of subcall function 0094F10B: SysFreeString.OLEAUT32 ref: 0094F143
                                                                                                                                                                                                                  • _wtoi.MSVCRT ref: 0095081D
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 0095082C
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 0095083D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FreeString$H_prolog3__wtoi
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2138719750-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 009509B1
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: __EH_prolog3_GS.LIBCMT ref: 0094F165
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: VariantClear.OLEAUT32 ref: 0094F17A
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F215
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: SysAllocString.OLEAUT32(00000000), ref: 0094F228
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: free.MSVCRT(00000000,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F257
                                                                                                                                                                                                                  • _wtoi64.MSVCRT ref: 00950A1B
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00950A2D
                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00950A37
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wtoi64free
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 109575796-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 009506F0
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: __EH_prolog3_GS.LIBCMT ref: 0094F165
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: VariantClear.OLEAUT32 ref: 0094F17A
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F215
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: SysAllocString.OLEAUT32(00000000), ref: 0094F228
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: free.MSVCRT(00000000,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F257
                                                                                                                                                                                                                  • _wtoi.MSVCRT ref: 0095075A
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00950769
                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00950773
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wtoifree
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1474463088-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000), ref: 0094F088
                                                                                                                                                                                                                  • SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 0094F096
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,?,?,000000FF,00000000,00000000), ref: 0094F0AC
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0094F0B8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharMultiStringWide$AllocFree
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 447844807-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ??3@Xmemstd::tr1::_
                                                                                                                                                                                                                  • String ID: 8
                                                                                                                                                                                                                  • API String ID: 2676974237-4194326291
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 0094FC00
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: __EH_prolog3_GS.LIBCMT ref: 0094F165
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: VariantClear.OLEAUT32 ref: 0094F17A
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F215
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: SysAllocString.OLEAUT32(00000000), ref: 0094F228
                                                                                                                                                                                                                    • Part of subcall function 0094F15E: free.MSVCRT(00000000,?,00000014,00950AA9,?,00000020,0094F785,?,//Profile/ETW/Process,?), ref: 0094F257
                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 0094FD1C
                                                                                                                                                                                                                    • Part of subcall function 0094FFFD: __EH_prolog3_GS.LIBCMT ref: 00950004
                                                                                                                                                                                                                    • Part of subcall function 0094CA85: __EH_prolog3_GS.LIBCMT ref: 0094CA8F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog3_$ClearVariant$AllocByteCharMultiStringWidefree
                                                                                                                                                                                                                  • String ID: Targets/Target
                                                                                                                                                                                                                  • API String ID: 2883521150-4232948680
                                                                                                                                                                                                                  • Opcode ID: 43b6cdf29108c60f84e4dd39e441ba3d93b57eb29beb0418ba880afc3a4c2818
                                                                                                                                                                                                                  • Instruction ID: c8ef8875b667d7092d0382c8440535389ce28ca3efe939943f8a6c29075c5d8c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43b6cdf29108c60f84e4dd39e441ba3d93b57eb29beb0418ba880afc3a4c2818
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87317A3180562ADFEB25DB64CC54FADB7B4AF84305F0141E9E909B3280DB306E89CF60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __aulldiv.LIBCMT ref: 0095C7F2
                                                                                                                                                                                                                  • _CxxThrowException.MSVCRT(?,00960758), ref: 0095C845
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • IoBucketizer has not been initialized, xrefs: 0095C82F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionThrow__aulldiv
                                                                                                                                                                                                                  • String ID: IoBucketizer has not been initialized
                                                                                                                                                                                                                  • API String ID: 1607158013-2369748627
                                                                                                                                                                                                                  • Opcode ID: 7ba89b8e21a9440f37394e7bf2b195713203c253fffca10e9dfc6495f01e6cb1
                                                                                                                                                                                                                  • Instruction ID: ca0e0d6e961e4e81b93d98b65ddec68f74b63e4e90baf7334b32cb59b6d295f4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ba89b8e21a9440f37394e7bf2b195713203c253fffca10e9dfc6495f01e6cb1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F017572900214AFCB11EF55C8C1D96F7A9FB84362B0585A1FD199F116D731F819CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetEvent.KERNEL32(00000000), ref: 00953212
                                                                                                                                                                                                                    • Part of subcall function 009531AA: TerminateThread.KERNEL32(?,00000000), ref: 009531C9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • Error signaling start event, xrefs: 0095321C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2176068871.0000000000941000.00000020.00000001.01000000.00000013.sdmp, Offset: 00940000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176055168.0000000000940000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176088273.0000000000961000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2176099922.0000000000962000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_940000_diskspd.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: EventTerminateThread
                                                                                                                                                                                                                  • String ID: Error signaling start event
                                                                                                                                                                                                                  • API String ID: 2007589259-38563648
                                                                                                                                                                                                                  • Opcode ID: 5a6161581577eed8286f60d3f0dc69e762de0fc24c24f4506f448bef57153343
                                                                                                                                                                                                                  • Instruction ID: ab6a0545340e6ccbf4fde864b2524cc730478455488430ec478fbb143be814df
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a6161581577eed8286f60d3f0dc69e762de0fc24c24f4506f448bef57153343
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75E0DF3001CB05EFE700AF53EC09B983B59AB407A3F54C009FC15050A1CBF59AD8EB61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                  Execution Coverage:2%
                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                  Signature Coverage:8.2%
                                                                                                                                                                                                                  Total number of Nodes:1543
                                                                                                                                                                                                                  Total number of Limit Nodes:30
SetUnhandledExceptionFilter UnhandledExceptionFilter 14484->14485 14486 92f980 CallUnexpected 14485->14486 14489 92ae3f 14486->14489 14488 92f99e GetCurrentProcess TerminateProcess 14488->14280 14490 92ae47 14489->14490 14491 92ae48 IsProcessorFeaturePresent 14489->14491 14490->14488 14493 92b62d 14491->14493 14496 92b5f0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 14493->14496 14495 92b710 14495->14488 14496->14495 14498 930bee 14497->14498 14499 930bdc 14497->14499 14509 930a5b 14498->14509 14500 92b920 CallUnexpected GetModuleHandleW 14499->14500 14502 930be1 14500->14502 14502->14498 14524 930c90 GetModuleHandleExW 14502->14524 14504 92b34b 14504->14144 14508 930c40 14510 930a67 ___scrt_is_nonwritable_in_current_image 14509->14510 14530 930085 EnterCriticalSection 14510->14530 14512 930a71 14531 930ac7 14512->14531 14514 930a7e 14535 930a9c 14514->14535 14517 930c46 14560 930c77 14517->14560 14519 930c50 14520 930c64 14519->14520 14521 930c54 GetCurrentProcess TerminateProcess 14519->14521 14522 930c90 CallUnexpected 3 API calls 14520->14522 14521->14520 14523 930c6c ExitProcess 14522->14523 14525 930cf0 14524->14525 14526 930ccf GetProcAddress 14524->14526 14528 930cf6 FreeLibrary 14525->14528 14529 930bed 14525->14529 14526->14525 14527 930ce3 14526->14527 14527->14525 14528->14529 14529->14498 14530->14512 14532 930ad3 ___scrt_is_nonwritable_in_current_image CallUnexpected 14531->14532 14533 930b37 CallUnexpected 14532->14533 14538 93165e 14532->14538 14533->14514 14559 9300cd LeaveCriticalSection 14535->14559 14537 930a8a 14537->14504 14537->14517 14539 93166a __EH_prolog3 14538->14539 14542 9313b6 14539->14542 14541 931691 CallUnexpected 14541->14533 14543 9313c2 ___scrt_is_nonwritable_in_current_image 14542->14543 14550 930085 EnterCriticalSection 14543->14550 14545 9313d0 14551 93156e 14545->14551 14550->14545 14552 9313dd 14551->14552 14553 93158d 14551->14553 14555 931405 14552->14555 14553->14552 14554 
933adc ___free_lconv_mon 14 API calls 14553->14554 14554->14552 14558 9300cd LeaveCriticalSection 14555->14558 14557 9313ee 14557->14541 14558->14557 14559->14537 14563 936c36 14560->14563 14562 930c7c CallUnexpected 14562->14519 14564 936c45 CallUnexpected 14563->14564 14565 936c52 14564->14565 14567 934b4b 14564->14567 14565->14562 14568 934ac6 _unexpected 5 API calls 14567->14568 14569 934b67 14568->14569 14569->14565 14571 933e6a 14570->14571 14575 933e70 14570->14575 14572 934cba _unexpected 6 API calls 14571->14572 14572->14575 14573 934cf9 _unexpected 6 API calls 14574 933e8c 14573->14574 14576 933e74 SetLastError 14574->14576 14578 934140 _unexpected 14 API calls 14574->14578 14575->14573 14575->14576 14580 9330f0 14576->14580 14581 933f09 14576->14581 14579 933ea1 14578->14579 14582 933eba 14579->14582 14583 933ea9 14579->14583 14580->14126 14584 93079b CallUnexpected 37 API calls 14581->14584 14586 934cf9 _unexpected 6 API calls 14582->14586 14585 934cf9 _unexpected 6 API calls 14583->14585 14587 933f0e 14584->14587 14588 933eb7 14585->14588 14589 933ec6 14586->14589 14594 933adc ___free_lconv_mon 14 API calls 14588->14594 14590 933ee1 14589->14590 14591 933eca 14589->14591 14592 933c82 _unexpected 14 API calls 14590->14592 14593 934cf9 _unexpected 6 API calls 14591->14593 14595 933eec 14592->14595 14593->14588 14594->14576 14596 933adc ___free_lconv_mon 14 API calls 14595->14596 14596->14576 14598 931822 ___scrt_uninitialize_crt 14597->14598 14599 931810 14597->14599 14598->14137 14600 93181e 14599->14600 14602 938135 14599->14602 14600->14137 14605 937fc6 14602->14605 14608 937f1a 14605->14608 14609 937f26 ___scrt_is_nonwritable_in_current_image 14608->14609 14616 930085 EnterCriticalSection 14609->14616 14611 937f9c 14625 937fba 14611->14625 14612 937f30 ___scrt_uninitialize_crt 14612->14611 14617 937e8e 14612->14617 14616->14612 14618 937e9a ___scrt_is_nonwritable_in_current_image 14617->14618 14628 93634b EnterCriticalSection 14618->14628 14620 
937edd 14642 937f0e 14620->14642 14621 937ea4 ___scrt_uninitialize_crt 14621->14620 14629 9380d0 14621->14629 14744 9300cd LeaveCriticalSection 14625->14744 14627 937fa8 14627->14600 14628->14621 14630 9380e5 ___std_exception_copy 14629->14630 14631 9380f7 14630->14631 14632 9380ec 14630->14632 14645 938067 14631->14645 14633 937fc6 ___scrt_uninitialize_crt 68 API calls 14632->14633 14635 9380f2 14633->14635 14637 92f79f ___std_exception_copy 39 API calls 14635->14637 14639 93812f 14637->14639 14639->14620 14640 938118 14658 93bce1 14640->14658 14743 93635f LeaveCriticalSection 14642->14743 14644 937efc 14644->14612 14646 9380a7 14645->14646 14647 938080 14645->14647 14646->14635 14651 936210 14646->14651 14647->14646 14648 936210 ___scrt_uninitialize_crt 39 API calls 14647->14648 14649 93809c 14648->14649 14669 93c500 14649->14669 14652 936231 14651->14652 14653 93621c 14651->14653 14652->14640 14654 92fb3e __Wcscoll 14 API calls 14653->14654 14655 936221 14654->14655 14656 92fa63 ___std_exception_copy 39 API calls 14655->14656 14657 93622c 14656->14657 14657->14640 14659 93bcf2 14658->14659 14662 93bcff 14658->14662 14660 92fb3e __Wcscoll 14 API calls 14659->14660 14668 93bcf7 14660->14668 14661 93bd48 14663 92fb3e __Wcscoll 14 API calls 14661->14663 14662->14661 14664 93bd26 14662->14664 14665 93bd4d 14663->14665 14710 93bc3f 14664->14710 14667 92fa63 ___std_exception_copy 39 API calls 14665->14667 14667->14668 14668->14635 14670 93c50c ___scrt_is_nonwritable_in_current_image 14669->14670 14671 93c54d 14670->14671 14673 93c593 14670->14673 14679 93c514 14670->14679 14672 92f9e6 ___std_exception_copy 39 API calls 14671->14672 14672->14679 14680 9383d4 EnterCriticalSection 14673->14680 14675 93c599 14676 93c5b7 14675->14676 14681 93c611 14675->14681 14707 93c609 14676->14707 14679->14646 14680->14675 14682 93c639 14681->14682 14706 93c65c ___scrt_uninitialize_crt 14681->14706 14683 93c63d 14682->14683 14685 93c698 14682->14685 14684 92f9e6 ___std_exception_copy 39 
API calls 14683->14684 14684->14706 14686 93d08b ___scrt_uninitialize_crt 41 API calls 14685->14686 14689 93c6b6 14685->14689 14686->14689 14687 93c18d ___scrt_uninitialize_crt 40 API calls 14688 93c6c8 14687->14688 14690 93c715 14688->14690 14691 93c6ce 14688->14691 14689->14687 14694 93c729 14690->14694 14695 93c77e WriteFile 14690->14695 14692 93c6d6 14691->14692 14693 93c6fd 14691->14693 14700 93c125 ___scrt_uninitialize_crt 6 API calls 14692->14700 14692->14706 14696 93bd5e ___scrt_uninitialize_crt 45 API calls 14693->14696 14698 93c731 14694->14698 14699 93c76a 14694->14699 14697 93c7a0 GetLastError 14695->14697 14695->14706 14696->14706 14697->14706 14702 93c756 14698->14702 14703 93c736 14698->14703 14701 93c20a ___scrt_uninitialize_crt 7 API calls 14699->14701 14700->14706 14701->14706 14704 93c3ce ___scrt_uninitialize_crt 8 API calls 14702->14704 14705 93c2e5 ___scrt_uninitialize_crt 7 API calls 14703->14705 14703->14706 14704->14706 14705->14706 14706->14676 14708 9383f7 ___scrt_uninitialize_crt LeaveCriticalSection 14707->14708 14709 93c60f 14708->14709 14709->14679 14711 93bc4b ___scrt_is_nonwritable_in_current_image 14710->14711 14723 9383d4 EnterCriticalSection 14711->14723 14713 93bc5a 14721 93bc9f 14713->14721 14724 9384ab 14713->14724 14715 92fb3e __Wcscoll 14 API calls 14717 93bca6 14715->14717 14716 93bc86 FlushFileBuffers 14716->14717 14718 93bc92 GetLastError 14716->14718 14740 93bcd5 14717->14740 14737 92fb2b 14718->14737 14721->14715 14723->14713 14725 9384b8 14724->14725 14726 9384cd 14724->14726 14727 92fb2b ___scrt_uninitialize_crt 14 API calls 14725->14727 14729 92fb2b ___scrt_uninitialize_crt 14 API calls 14726->14729 14731 9384f2 14726->14731 14728 9384bd 14727->14728 14730 92fb3e __Wcscoll 14 API calls 14728->14730 14732 9384fd 14729->14732 14733 9384c5 14730->14733 14731->14716 14734 92fb3e __Wcscoll 14 API calls 14732->14734 14733->14716 14735 938505 14734->14735 14736 92fa63 ___std_exception_copy 39 API calls 14735->14736 
14736->14733 14738 933fa6 __Wcscoll 14 API calls 14737->14738 14739 92fb30 14738->14739 14739->14721 14741 9383f7 ___scrt_uninitialize_crt LeaveCriticalSection 14740->14741 14742 93bcbe 14741->14742 14742->14668 14743->14644 14744->14627 15868 9364d9 15869 9364e5 ___scrt_is_nonwritable_in_current_image 15868->15869 15880 930085 EnterCriticalSection 15869->15880 15871 9364ec 15881 938336 15871->15881 15874 93650a 15905 936530 15874->15905 15880->15871 15882 938342 ___scrt_is_nonwritable_in_current_image 15881->15882 15883 93834b 15882->15883 15884 93836c 15882->15884 15885 92fb3e __Wcscoll 14 API calls 15883->15885 15908 930085 EnterCriticalSection 15884->15908 15887 938350 15885->15887 15888 92fa63 ___std_exception_copy 39 API calls 15887->15888 15890 9364fb 15888->15890 15889 9383a4 15916 9383cb 15889->15916 15890->15874 15894 936373 GetStartupInfoW 15890->15894 15891 938378 15891->15889 15909 938286 15891->15909 15895 936390 15894->15895 15896 936424 15894->15896 15895->15896 15897 938336 40 API calls 15895->15897 15900 936429 15896->15900 15898 9363b8 15897->15898 15898->15896 15899 9363e8 GetFileType 15898->15899 15899->15898 15901 936430 15900->15901 15902 936473 GetStdHandle 15901->15902 15903 9364d5 15901->15903 15904 936486 GetFileType 15901->15904 15902->15901 15903->15874 15904->15901 15925 9300cd LeaveCriticalSection 15905->15925 15907 93651b 15908->15891 15910 934140 _unexpected 14 API calls 15909->15910 15911 938298 15910->15911 15915 9382a5 15911->15915 15919 934db6 15911->15919 15912 933adc ___free_lconv_mon 14 API calls 15914 9382fa 15912->15914 15914->15891 15915->15912 15924 9300cd LeaveCriticalSection 15916->15924 15918 9383d2 15918->15890 15920 934ac6 _unexpected 5 API calls 15919->15920 15921 934dd2 15920->15921 15922 934df0 InitializeCriticalSectionAndSpinCount 15921->15922 15923 934ddb 15921->15923 15922->15923 15923->15911 15924->15918 15925->15907 16232 9362ff 16233 938135 ___scrt_uninitialize_crt 68 API calls 16232->16233 16234 936307 
16233->16234 16242 93b4e8 16234->16242 16236 93630c 16252 93b593 16236->16252 16239 936336 16240 933adc ___free_lconv_mon 14 API calls 16239->16240 16241 936341 16240->16241 16243 93b4f4 ___scrt_is_nonwritable_in_current_image 16242->16243 16256 930085 EnterCriticalSection 16243->16256 16245 93b56b 16263 93b58a 16245->16263 16247 93b4ff 16247->16245 16249 93b53f DeleteCriticalSection 16247->16249 16257 93cfd8 16247->16257 16251 933adc ___free_lconv_mon 14 API calls 16249->16251 16251->16247 16253 93b5aa 16252->16253 16254 93631b DeleteCriticalSection 16252->16254 16253->16254 16255 933adc ___free_lconv_mon 14 API calls 16253->16255 16254->16236 16254->16239 16255->16254 16256->16247 16258 93cfeb ___std_exception_copy 16257->16258 16266 93ceb3 16258->16266 16260 93cff7 16261 92f79f ___std_exception_copy 39 API calls 16260->16261 16262 93d003 16261->16262 16262->16247 16338 9300cd LeaveCriticalSection 16263->16338 16265 93b577 16265->16236 16267 93cebf ___scrt_is_nonwritable_in_current_image 16266->16267 16268 93cec9 16267->16268 16269 93ceec 16267->16269 16270 92f9e6 ___std_exception_copy 39 API calls 16268->16270 16271 93cee4 16269->16271 16277 93634b EnterCriticalSection 16269->16277 16270->16271 16271->16260 16273 93cf0a 16278 93cf4a 16273->16278 16275 93cf17 16292 93cf42 16275->16292 16277->16273 16279 93cf57 16278->16279 16280 93cf7a 16278->16280 16281 92f9e6 ___std_exception_copy 39 API calls 16279->16281 16282 93cf72 16280->16282 16283 938067 ___scrt_uninitialize_crt 64 API calls 16280->16283 16281->16282 16282->16275 16284 93cf92 16283->16284 16285 93b593 14 API calls 16284->16285 16286 93cf9a 16285->16286 16287 936210 ___scrt_uninitialize_crt 39 API calls 16286->16287 16288 93cfa6 16287->16288 16295 93dd56 16288->16295 16291 933adc ___free_lconv_mon 14 API calls 16291->16282 16337 93635f LeaveCriticalSection 16292->16337 16294 93cf48 16294->16271 16298 93cfad 16295->16298 16299 93dd7f 16295->16299 16296 93ddce 16297 92f9e6 ___std_exception_copy 39 API calls 
16296->16297 16297->16298 16298->16282 16298->16291 16299->16296 16300 93dda6 16299->16300 16302 93dcc5 16300->16302 16303 93dcd1 ___scrt_is_nonwritable_in_current_image 16302->16303 16310 9383d4 EnterCriticalSection 16303->16310 16305 93dcdf 16306 93dd10 16305->16306 16311 93ddf9 16305->16311 16324 93dd4a 16306->16324 16310->16305 16312 9384ab ___scrt_uninitialize_crt 39 API calls 16311->16312 16315 93de09 16312->16315 16313 93de0f 16327 93841a 16313->16327 16315->16313 16316 93de41 16315->16316 16318 9384ab ___scrt_uninitialize_crt 39 API calls 16315->16318 16316->16313 16317 9384ab ___scrt_uninitialize_crt 39 API calls 16316->16317 16320 93de4d CloseHandle 16317->16320 16319 93de38 16318->16319 16321 9384ab ___scrt_uninitialize_crt 39 API calls 16319->16321 16320->16313 16322 93de59 GetLastError 16320->16322 16321->16316 16322->16313 16323 93de67 ___scrt_uninitialize_crt 16323->16306 16336 9383f7 LeaveCriticalSection 16324->16336 16326 93dd33 16326->16298 16328 938490 16327->16328 16329 938429 16327->16329 16330 92fb3e __Wcscoll 14 API calls 16328->16330 16329->16328 16333 938453 16329->16333 16331 938495 16330->16331 16332 92fb2b ___scrt_uninitialize_crt 14 API calls 16331->16332 16334 938480 16332->16334 16333->16334 16335 93847a SetStdHandle 16333->16335 16334->16323 16335->16334 16336->16326 16337->16294 16338->16265 14745 922910 14746 92295a RegisterServiceCtrlHandlerExW 14745->14746 14749 922919 14745->14749 14747 922ab0 14746->14747 14748 922979 SetServiceStatus CreateEventW 14746->14748 14750 9229e5 GetLastError SetServiceStatus 14748->14750 14751 922a1b SetServiceStatus CreateThread WaitForSingleObject CloseHandle SetServiceStatus 14748->14751 14749->14746 14751->14747 14752 922e40 WaitForSingleObject 14751->14752 14753 922eb5 14752->14753 14758 922e5e 14752->14758 14754 922e64 WTSGetActiveConsoleSessionId wsprintfW 14755 922e9c Sleep WaitForSingleObject 14754->14755 14754->14758 14755->14753 14755->14754 14758->14754 14758->14755 14759 9223a0 
14758->14759 14786 922b30 WTSGetActiveConsoleSessionId 14758->14786 14776 922400 error_info_injector CallUnexpected 14759->14776 14760 922404 CloseHandle 14760->14776 14762 922462 CreateToolhelp32Snapshot 14763 92249a Process32FirstW 14762->14763 14762->14776 14764 922573 FindCloseChangeNotification 14763->14764 14763->14776 14764->14776 14765 922890 14902 92fa73 14765->14902 14767 92254c Process32NextW 14767->14776 14768 9225f6 OpenProcess 14770 922616 K32GetProcessImageFileNameW 14768->14770 14773 922628 error_info_injector 14768->14773 14770->14773 14773->14765 14774 92263b CloseHandle 14773->14774 14773->14776 14848 921d20 14773->14848 14774->14768 14774->14773 14775 922666 GetLastError 14778 922675 Sleep 14775->14778 14781 922841 14775->14781 14776->14760 14776->14762 14776->14764 14776->14765 14776->14767 14776->14768 14776->14775 14777 92274d GetProcessTimes 14776->14777 14780 9226fb Sleep 14776->14780 14776->14781 14785 9227e7 Sleep 14776->14785 14814 923020 14776->14814 14833 923ad0 14776->14833 14779 92279b GetSystemTimeAsFileTime 14777->14779 14777->14781 14778->14773 14778->14776 14779->14776 14779->14781 14780->14773 14780->14776 14781->14765 14783 92286a error_info_injector 14781->14783 14782 92ae3f _ValidateLocalCookies 5 API calls 14784 92288c 14782->14784 14783->14782 14784->14758 14785->14773 14785->14776 14787 922b6b WTSQueryUserToken 14786->14787 14788 922b58 14786->14788 14790 922b81 GetTokenInformation 14787->14790 14791 922e04 GetLastError wsprintfW 14787->14791 14789 92ae3f _ValidateLocalCookies 5 API calls 14788->14789 14793 922b67 14789->14793 14794 922be6 DuplicateTokenEx 14790->14794 14795 922bbd GetLastError wsprintfW 14790->14795 14792 92ae3f _ValidateLocalCookies 5 API calls 14791->14792 14796 922e31 14792->14796 14793->14758 14798 922c0e wsprintfW 14794->14798 14799 922c1d ConvertStringSidToSidW 14794->14799 14797 922c9f CloseHandle 14795->14797 14796->14758 14800 922dcb GetLastError wsprintfW CloseHandle CloseHandle 14797->14800 
14805 922cc2 CallUnexpected 14797->14805 14798->14799 14801 922c56 GetLengthSid SetTokenInformation 14799->14801 14802 922c47 wsprintfW 14799->14802 14804 92ae3f _ValidateLocalCookies 5 API calls 14800->14804 14801->14797 14803 922c90 wsprintfW 14801->14803 14802->14801 14803->14797 14806 922e00 14804->14806 14807 922cf0 wsprintfW CreateProcessAsUserW 14805->14807 14806->14758 14808 922d86 GetLastError wsprintfW DestroyEnvironmentBlock CloseHandle CloseHandle 14807->14808 14809 922d3c CloseHandle CloseHandle DestroyEnvironmentBlock CloseHandle CloseHandle 14807->14809 14811 92ae3f _ValidateLocalCookies 5 API calls 14808->14811 14810 92ae3f _ValidateLocalCookies 5 API calls 14809->14810 14812 922d82 14810->14812 14813 922dc7 14811->14813 14812->14758 14813->14758 14818 923045 14814->14818 14815 92312c 14924 921200 14815->14924 14817 92306c _Yarn 14817->14776 14818->14815 14818->14817 14820 92309a 14818->14820 14821 923127 14818->14821 14824 9230e9 14818->14824 14819 9230d7 14822 92fa73 39 API calls 14819->14822 14831 9230de _Yarn 14819->14831 14820->14821 14825 9230d1 14820->14825 14918 921160 14821->14918 14826 923136 14822->14826 14828 92ae52 std::_Facet_Register 41 API calls 14824->14828 14824->14831 14907 92ae52 14825->14907 14829 923166 error_info_injector 14826->14829 14830 92fa73 39 API calls 14826->14830 14828->14831 14829->14776 14832 92318a 14830->14832 14831->14776 14832->14776 14834 923c19 14833->14834 14835 923af9 14833->14835 14968 923f80 14834->14968 14837 923c14 14835->14837 14840 923b64 14835->14840 14841 923b3d 14835->14841 14838 921160 Concurrency::cancel_current_task 41 API calls 14837->14838 14838->14834 14839 92fa73 39 API calls 14842 923c23 14839->14842 14844 92ae52 std::_Facet_Register 41 API calls 14840->14844 14846 923b4e _Yarn 14840->14846 14841->14837 14843 923b48 14841->14843 14845 92ae52 std::_Facet_Register 41 API calls 14843->14845 14844->14846 14845->14846 14846->14839 14847 923beb error_info_injector 14846->14847 14847->14776 14974 
92a5e0 14848->14974 14850 921d6b 14986 923200 14850->14986 14852 921d80 14853 92ae52 std::_Facet_Register 41 API calls 14852->14853 14854 921dec 14853->14854 15021 923910 14854->15021 14856 921e75 14857 921ec5 error_info_injector 14856->14857 14859 922314 14856->14859 14858 923020 41 API calls 14857->14858 14863 921f45 14858->14863 14860 92fa73 39 API calls 14859->14860 14861 922319 14860->14861 14862 92fa73 39 API calls 14861->14862 14865 92231e 14862->14865 14864 922031 14863->14864 14876 9221da error_info_injector 14863->14876 15034 925840 14863->15034 15049 9245f0 14864->15049 14868 92fa73 39 API calls 14865->14868 14870 922323 14868->14870 14869 92236e error_info_injector 14869->14773 14870->14869 14871 92fa73 39 API calls 14870->14871 14889 922397 error_info_injector CallUnexpected 14871->14889 14872 92229e error_info_injector 14873 92ae3f _ValidateLocalCookies 5 API calls 14872->14873 14874 922310 14873->14874 14874->14773 14875 922048 error_info_injector 14875->14861 14875->14876 14876->14865 14876->14872 14877 922404 CloseHandle 14877->14889 14878 923020 41 API calls 14878->14889 14879 922462 CreateToolhelp32Snapshot 14880 92249a Process32FirstW 14879->14880 14879->14889 14881 922573 FindCloseChangeNotification 14880->14881 14880->14889 14881->14889 14882 922890 14883 92fa73 39 API calls 14882->14883 14886 922895 14883->14886 14884 92254c Process32NextW 14884->14889 14885 9225f6 OpenProcess 14887 922616 K32GetProcessImageFileNameW 14885->14887 14885->14889 14887->14889 14888 921d20 73 API calls 14888->14889 14889->14877 14889->14878 14889->14879 14889->14881 14889->14882 14889->14884 14889->14885 14889->14888 14890 923ad0 41 API calls 14889->14890 14891 92263b CloseHandle 14889->14891 14892 922666 GetLastError 14889->14892 14893 92274d GetProcessTimes 14889->14893 14896 9226fb Sleep 14889->14896 14897 922841 14889->14897 14901 9227e7 Sleep 14889->14901 14890->14889 14891->14885 14891->14889 14894 922675 Sleep 14892->14894 14892->14897 14895 92279b 
GetSystemTimeAsFileTime 14893->14895 14893->14897 14894->14889 14895->14889 14895->14897 14896->14889 14897->14882 14899 92286a error_info_injector 14897->14899 14898 92ae3f _ValidateLocalCookies 5 API calls 14900 92288c 14898->14900 14899->14898 14900->14773 14901->14889 14903 92f9af ___std_exception_copy 39 API calls 14902->14903 14904 92fa82 14903->14904 14905 92fa90 __Getcoll 11 API calls 14904->14905 14906 92fa8f 14905->14906 14910 92ae57 14907->14910 14909 92ae71 14909->14819 14910->14909 14911 930892 std::_Facet_Register 2 API calls 14910->14911 14912 921160 Concurrency::cancel_current_task 14910->14912 14938 9300fb 14910->14938 14911->14910 14913 92ae7d 14912->14913 14927 92c2fb 14912->14927 14913->14913 14915 92117c 14930 92bf61 14915->14930 14919 92116e Concurrency::cancel_current_task 14918->14919 14920 92c2fb Concurrency::cancel_current_task RaiseException 14919->14920 14921 92117c 14920->14921 14922 92bf61 ___std_exception_copy 40 API calls 14921->14922 14923 9211a3 14922->14923 14923->14815 14957 92a414 14924->14957 14928 92c342 RaiseException 14927->14928 14929 92c315 14927->14929 14928->14915 14929->14928 14931 9211a3 14930->14931 14932 92bf6e 14930->14932 14931->14819 14932->14931 14933 9300fb _Yarn 15 API calls 14932->14933 14934 92bf8b 14933->14934 14935 92bf9b 14934->14935 14945 93317a 14934->14945 14954 92f73c 14935->14954 14942 934f92 _unexpected 14938->14942 14939 934fd0 14941 92fb3e __Wcscoll 14 API calls 14939->14941 14940 934fbb HeapAlloc 14940->14942 14943 934fce 14940->14943 14941->14943 14942->14939 14942->14940 14944 930892 std::_Facet_Register 2 API calls 14942->14944 14943->14910 14944->14942 14946 933196 14945->14946 14947 933188 14945->14947 14948 92fb3e __Wcscoll 14 API calls 14946->14948 14947->14946 14952 9331ae 14947->14952 14949 93319e 14948->14949 14950 92fa63 ___std_exception_copy 39 API calls 14949->14950 14951 9331a8 14950->14951 14951->14935 14952->14951 14953 92fb3e __Wcscoll 14 API calls 14952->14953 14953->14949 14955 
933adc ___free_lconv_mon 14 API calls 14954->14955 14956 92f754 14955->14956 14956->14931 14962 92a217 14957->14962 14960 92c2fb Concurrency::cancel_current_task RaiseException 14961 92a433 14960->14961 14965 92a1c7 14962->14965 14966 92bf61 ___std_exception_copy 40 API calls 14965->14966 14967 92a1f3 14966->14967 14967->14960 14969 92a414 41 API calls 14968->14969 14971 923f8a 14969->14971 14970 923fb9 error_info_injector 14970->14846 14971->14970 14972 92fa73 39 API calls 14971->14972 14973 923fe0 14972->14973 14975 92a5ec __EH_prolog3 14974->14975 15057 92a138 14975->15057 14980 92a60a 15069 92a765 14980->15069 14981 92a665 CallUnexpected 14981->14850 14985 92a628 15079 92a190 14985->15079 14987 92a138 std::_Lockit::_Lockit 7 API calls 14986->14987 14988 92323d 14987->14988 14989 92a138 std::_Lockit::_Lockit 7 API calls 14988->14989 14991 923280 14988->14991 14990 923260 14989->14990 14992 92a190 std::_Lockit::~_Lockit 2 API calls 14990->14992 15006 9232aa 14991->15006 15209 9236c0 14991->15209 14992->14991 14993 92a190 std::_Lockit::~_Lockit 2 API calls 14994 9232b5 14993->14994 14996 92a138 std::_Lockit::_Lockit 7 API calls 14994->14996 14997 9232c4 14996->14997 15002 92a138 std::_Lockit::_Lockit 7 API calls 14997->15002 15012 923309 14997->15012 14998 92336c 14999 923414 14998->14999 15000 923378 14998->15000 15283 921230 14999->15283 15246 92a5ae 15000->15246 15005 9232e9 15002->15005 15004 923419 15008 921230 Concurrency::cancel_current_task 41 API calls 15004->15008 15010 92a190 std::_Lockit::~_Lockit 2 API calls 15005->15010 15006->14993 15007 9233e4 15009 92a190 std::_Lockit::~_Lockit 2 API calls 15007->15009 15015 92341e 15008->15015 15011 9233fc 15009->15011 15010->15012 15011->14852 15012->15007 15249 921540 15012->15249 15013 92344a error_info_injector 15013->14852 15015->15013 15018 92fa73 39 API calls 15015->15018 15016 9233cc 15016->15004 15017 9233d4 15016->15017 15019 92a5ae std::_Facet_Register 41 API calls 15017->15019 15020 923472 
15018->15020 15019->15007 15020->14852 15022 92ae52 std::_Facet_Register 41 API calls 15021->15022 15023 92394e 15022->15023 15488 924250 15023->15488 15026 9239b6 15030 92ae52 std::_Facet_Register 41 API calls 15026->15030 15027 923abe 15500 924000 15027->15500 15031 9239e6 15030->15031 15032 92ae52 std::_Facet_Register 41 API calls 15031->15032 15033 923a3e 15032->15033 15033->14856 15035 92595c 15034->15035 15040 925857 15034->15040 15036 923f80 41 API calls 15035->15036 15047 9258b4 _Yarn CallUnexpected 15036->15047 15037 925957 15038 921160 Concurrency::cancel_current_task 41 API calls 15037->15038 15038->15035 15039 92fa73 39 API calls 15041 925966 15039->15041 15040->15037 15042 9258a3 15040->15042 15043 9258ca 15040->15043 15042->15037 15044 9258ae 15042->15044 15046 92ae52 std::_Facet_Register 41 API calls 15043->15046 15043->15047 15045 92ae52 std::_Facet_Register 41 API calls 15044->15045 15045->15047 15046->15047 15047->15039 15048 925931 error_info_injector 15047->15048 15048->14864 15050 924600 15049->15050 15052 92460d 15049->15052 15512 924790 15050->15512 15054 924636 15052->15054 15518 926fa0 15052->15518 15055 924790 41 API calls 15054->15055 15056 9246b4 15054->15056 15055->15056 15056->14875 15058 92a147 15057->15058 15059 92a14e 15057->15059 15086 9300e4 15058->15086 15062 92a14c 15059->15062 15091 92ac7d EnterCriticalSection 15059->15091 15062->14985 15063 92a742 15062->15063 15064 92ae52 std::_Facet_Register 41 API calls 15063->15064 15066 92a74d 15064->15066 15065 92a761 15065->14980 15066->15065 15143 92a474 15066->15143 15070 92a612 15069->15070 15071 92a771 15069->15071 15073 92a538 15070->15073 15146 92ad07 15071->15146 15074 92a546 15073->15074 15078 92a571 _Yarn 15073->15078 15075 92a552 15074->15075 15076 92f73c ___vcrt_freefls@4 14 API calls 15074->15076 15077 9300fb _Yarn 15 API calls 15075->15077 15075->15078 15076->15075 15077->15078 15078->14985 15080 9300f2 15079->15080 15081 92a19a 15079->15081 15208 9300cd 
LeaveCriticalSection 15080->15208 15085 92a1ad 15081->15085 15207 92ac8b LeaveCriticalSection 15081->15207 15083 9300f9 15083->14981 15085->14981 15092 934f11 15086->15092 15091->15062 15113 9348dd 15092->15113 15112 934f43 15112->15112 15114 934ac6 _unexpected 5 API calls 15113->15114 15115 9348f3 15114->15115 15116 9348f7 15115->15116 15117 934ac6 _unexpected 5 API calls 15116->15117 15118 93490d 15117->15118 15119 934911 15118->15119 15120 934ac6 _unexpected 5 API calls 15119->15120 15121 934927 15120->15121 15122 93492b 15121->15122 15123 934ac6 _unexpected 5 API calls 15122->15123 15124 934941 15123->15124 15125 934945 15124->15125 15126 934ac6 _unexpected 5 API calls 15125->15126 15127 93495b 15126->15127 15128 93495f 15127->15128 15129 934ac6 _unexpected 5 API calls 15128->15129 15130 934975 15129->15130 15131 934979 15130->15131 15132 934ac6 _unexpected 5 API calls 15131->15132 15133 93498f 15132->15133 15134 934993 15133->15134 15135 934ac6 _unexpected 5 API calls 15134->15135 15136 9349a9 15135->15136 15137 9349c7 15136->15137 15138 934ac6 _unexpected 5 API calls 15137->15138 15139 9349dd 15138->15139 15140 9349ad 15139->15140 15141 934ac6 _unexpected 5 API calls 15140->15141 15142 9349c3 15141->15142 15142->15112 15144 92a538 _Yarn 15 API calls 15143->15144 15145 92a4ae 15144->15145 15145->14980 15147 92ad17 EncodePointer 15146->15147 15148 93079b 15146->15148 15147->15070 15147->15148 15159 936637 15148->15159 15151 9307ab 15153 9307b5 IsProcessorFeaturePresent 15151->15153 15158 9307d4 15151->15158 15154 9307c1 15153->15154 15156 92f867 CallUnexpected 8 API calls 15154->15156 15155 930d3f CallUnexpected 21 API calls 15157 9307de 15155->15157 15156->15158 15158->15155 15189 936565 15159->15189 15162 93667c 15163 936688 ___scrt_is_nonwritable_in_current_image 15162->15163 15164 933fa6 __Wcscoll 14 API calls 15163->15164 15165 9366d8 15163->15165 15166 9366ea CallUnexpected 15163->15166 15171 9366b9 CallUnexpected 15163->15171 15164->15171 15167 92fb3e 

Control-flow Graph

APIs
• WTSGetActiveConsoleSessionId.KERNEL32(74DF30D0,00000000,74DF1EA0), ref: 00922B4D
• WTSQueryUserToken.WTSAPI32(00000000,?), ref: 00922B73
• GetTokenInformation.KERNELBASE(?,00000013(TokenIntegrityLevel),00000000,00000004,?), ref: 00922BAD
• GetLastError.KERNEL32 ref: 00922BBD
• wsprintfW.USER32 ref: 00922BD0
• CloseHandle.KERNEL32(?,?,00000001), ref: 00922CAE
• wsprintfW.USER32 ref: 00922CFD
• CreateProcessAsUserW.ADVAPI32(?,?,00000000,00000000,00000000,00000000,00000480,?,00000000,?,?), ref: 00922D32
• CloseHandle.KERNEL32(?), ref: 00922D49
• CloseHandle.KERNEL32(?), ref: 00922D51
• DestroyEnvironmentBlock.USERENV(?), ref: 00922D59
• CloseHandle.KERNEL32(?), ref: 00922D65
• CloseHandle.KERNEL32(?), ref: 00922D6D
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
• Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
Similarity
• API ID: CloseHandle$TokenUserwsprintf$ActiveBlockConsoleCreateDestroyEnvironmentErrorInformationLastProcessQuerySession
• String ID: $%ws\fast!\fast!.exe$D$Fast Engine: Convert SID error$Fast Engine: Create Env Block Error %d$Fast Engine: Create Process Error %d$Fast Engine: Duplicate Token Error$Fast Engine: Query User Token Error %d$Fast Engine: Set Token Info Error$Fast Engine: Set Token Info Error$Fast Engine: Token Error %d$ProgramFiles$S-1-5-32-544$winsta0\default
• API String ID: 413331851-1399582880
• Opcode ID: 29da76e46be12218e7e3fdee4d01fc34d5d6ac5139204001ab2e610eb19b63d5
• Instruction ID: 8a3397a999e4d9177cfb450737761da202a7ffbe093bff8c098e67e551d08dc4
• Opcode Fuzzy Hash: 29da76e46be12218e7e3fdee4d01fc34d5d6ac5139204001ab2e610eb19b63d5
• Instruction Fuzzy Hash: F47182B1F4422CAADF20AB64EC45FEDB778EF84708F0040E5F708A6191DA715E849F69
Uniqueness

Uniqueness Score: -1.00%
Control-flow Graph

APIs
  • Part of subcall function 0092A5E0: __EH_prolog3.LIBCMT ref: 0092A5E7
  • Part of subcall function 0092A5E0: std::_Lockit::_Lockit.LIBCPMT ref: 0092A5F2
  • Part of subcall function 0092A5E0: std::locale::_Setgloballocale.LIBCPMT ref: 0092A60D
  • Part of subcall function 0092A5E0: _Yarn.LIBCPMT ref: 0092A623
  • Part of subcall function 0092A5E0: std::_Lockit::~_Lockit.LIBCPMT ref: 0092A660
  • Part of subcall function 00923200: std::_Lockit::_Lockit.LIBCPMT ref: 00923238
  • Part of subcall function 00923200: std::_Lockit::_Lockit.LIBCPMT ref: 0092325B
  • Part of subcall function 00923200: std::_Lockit::~_Lockit.LIBCPMT ref: 0092327B
  • Part of subcall function 00923200: std::_Lockit::~_Lockit.LIBCPMT ref: 009232B0
  • Part of subcall function 00923200: std::_Lockit::_Lockit.LIBCPMT ref: 009232BF
  • Part of subcall function 00923200: std::_Lockit::_Lockit.LIBCPMT ref: 009232E4
  • Part of subcall function 00923200: std::_Lockit::~_Lockit.LIBCPMT ref: 00923304
• CloseHandle.KERNEL32(?), ref: 00922405
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00922472
• OpenProcess.KERNEL32(00000410,00000000,00000000,?,?,?,?,?,explorer.exe), ref: 00922606
• K32GetProcessImageFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 00922622
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,explorer.exe,?,?,?,?,?,?,?,00000000,00000000), ref: 00922641
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 00922666
                                                                                                                                                                                                                  • Sleep.KERNEL32(00002710), ref: 0092267A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
• Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_$Lockit::~_$CloseHandleProcess$CreateErrorFileH_prolog3ImageLastNameOpenSetgloballocaleSleepSnapshotToolhelp32Yarnstd::locale::_
                                                                                                                                                                                                                  • String ID: (\\Device\\HarddiskVolume)(\d+)(\\Windows\\explorer\.exe)$explorer.exe
                                                                                                                                                                                                                  • API String ID: 4108497731-2754912422
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

Control-flow Graph (image not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00922405
                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00922472
                                                                                                                                                                                                                  • Process32FirstW.KERNEL32(00000000,0000022C), ref: 009224A2
                                                                                                                                                                                                                  • Process32NextW.KERNEL32(?,0000022C), ref: 00922559
                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 00922579
                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,00000000,?,?,?,?,?,explorer.exe), ref: 00922606
                                                                                                                                                                                                                  • K32GetProcessImageFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 00922622
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,explorer.exe,?,?,?,?,?,?,?,00000000,00000000), ref: 00922641
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 00922666
                                                                                                                                                                                                                  • Sleep.KERNEL32(00002710), ref: 0092267A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
• Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Close$HandleProcessProcess32$ChangeCreateErrorFileFindFirstImageLastNameNextNotificationOpenSleepSnapshotToolhelp32
                                                                                                                                                                                                                  • String ID: explorer.exe
                                                                                                                                                                                                                  • API String ID: 1892969530-3187896405
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

Control-flow Graph (image not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • StartServiceCtrlDispatcherW.ADVAPI32(?), ref: 009228F6
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00922900
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
• Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CtrlDispatcherErrorLastServiceStart
                                                                                                                                                                                                                  • String ID: FastSRV
                                                                                                                                                                                                                  • API String ID: 3783796564-1196406248
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

Control-flow Graph (image not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegisterServiceCtrlHandlerExW.ADVAPI32(FastSRV,00922AC0,00000000), ref: 00922966
                                                                                                                                                                                                                  • SetServiceStatus.SECHOST(00000000,0094BDF8), ref: 009229CC
                                                                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 009229D6
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 009229F4
                                                                                                                                                                                                                  • SetServiceStatus.ADVAPI32(0094BDF8), ref: 00922A14
                                                                                                                                                                                                                  • SetServiceStatus.ADVAPI32(0094BDF8), ref: 00922A4E
                                                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,Function_00002E40,00000000,00000000,00000000), ref: 00922A5F
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00922A68
                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 00922A74
                                                                                                                                                                                                                  • SetServiceStatus.ADVAPI32(0094BDF8), ref: 00922AAD
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
• Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
• Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Service$Status$Create$CloseCtrlErrorEventHandleHandlerLastObjectRegisterSingleThreadWait
                                                                                                                                                                                                                  • String ID: FastSRV$logoff
                                                                                                                                                                                                                  • API String ID: 4143498620-384721677
                                                                                                                                                                                                                  • Opcode ID: 310be7cd0a6f4be62e11dd3b14157b3ee0bfbaa4903d389d764910b3f24ad94e
                                                                                                                                                                                                                  • Instruction ID: 0864f709507aa4ab0da01f7ed0cef03ef418a416459c5bbe5b51df4fac2ebf65
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 310be7cd0a6f4be62e11dd3b14157b3ee0bfbaa4903d389d764910b3f24ad94e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C31B0B8A68226ABE3108F65ED19F923BA5F75271CF008014E714962F5C7F6C044EFD0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 333 922e40-922e5c WaitForSingleObject 334 922eb5-922ebd 333->334 335 922e5e 333->335 336 922e64-922e82 WTSGetActiveConsoleSessionId wsprintfW 335->336 337 922e84-922e89 call 9223a0 call 922b30 336->337 338 922e9c-922eb3 Sleep WaitForSingleObject 336->338 342 922e8e-922e96 337->342 338->334 338->336 342->338
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000), ref: 00922E58
                                                                                                                                                                                                                  • WTSGetActiveConsoleSessionId.KERNEL32 ref: 00922E64
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00922E73
                                                                                                                                                                                                                  • Sleep.KERNELBASE(000007D0), ref: 00922EA1
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000), ref: 00922EAF
                                                                                                                                                                                                                    • Part of subcall function 009223A0: CloseHandle.KERNEL32(?), ref: 00922405
                                                                                                                                                                                                                    • Part of subcall function 009223A0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00922472
                                                                                                                                                                                                                    • Part of subcall function 009223A0: OpenProcess.KERNEL32(00000410,00000000,00000000,?,?,?,?,?,explorer.exe), ref: 00922606
                                                                                                                                                                                                                    • Part of subcall function 00922B30: WTSGetActiveConsoleSessionId.KERNEL32(74DF30D0,00000000,74DF1EA0), ref: 00922B4D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • Fast Engine: id:%d, xrefs: 00922E69
                                                                                                                                                                                                                  • Fast Engine: Set Token Info Error, xrefs: 00922E6E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ActiveConsoleObjectSessionSingleWait$CloseCreateHandleOpenProcessSleepSnapshotToolhelp32wsprintf
                                                                                                                                                                                                                  • String ID: Fast Engine: Set Token Info Error$Fast Engine: id:%d
                                                                                                                                                                                                                  • API String ID: 2001961009-1331704477
                                                                                                                                                                                                                  • Opcode ID: ef64f689d2d3e05c0facb893d3bc3af214ed60e4ebc33c76156feb1a4bddffae
                                                                                                                                                                                                                  • Instruction ID: 1a5e547f317512f13f725d7adf1790ce099be7c683b05882a913a6c6d94294d6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef64f689d2d3e05c0facb893d3bc3af214ed60e4ebc33c76156feb1a4bddffae
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EEF04C72A78220B7D6206B6DBD06F15375CEF56760F010232F914E20E0DA516C00EAB6
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 343 9349fb-934a07 344 934a99-934a9c 343->344 345 934aa2 344->345 346 934a0c-934a1d 344->346 347 934aa4-934aa8 345->347 348 934a2a-934a43 LoadLibraryExW 346->348 349 934a1f-934a22 346->349 352 934a45-934a4e GetLastError 348->352 353 934aa9-934ab9 348->353 350 934ac2-934ac4 349->350 351 934a28 349->351 350->347 355 934a96 351->355 356 934a50-934a62 call 9338a8 352->356 357 934a87-934a94 352->357 353->350 354 934abb-934abc FreeLibrary 353->354 354->350 355->344 356->357 360 934a64-934a76 call 9338a8 356->360 357->355 360->357 363 934a78-934a85 LoadLibraryExW 360->363 363->353 363->357
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00934B0A,74DF30D0,-00000002,00000000,0092A425,74DF30D2,?,00934D15,00000022,FlsSetValue,00942838,00942840,0092A425), ref: 00934ABC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                  • API String ID: 3664257935-537541572
                                                                                                                                                                                                                  • Opcode ID: e538a2f7417b732da0232aeacec2033e7b193056ca45166a537a5f61422676ac
                                                                                                                                                                                                                  • Instruction ID: 6d6085dfd919c1841dd97e394ae33007010f7d600e14fdc06a1f90212204a41a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e538a2f7417b732da0232aeacec2033e7b193056ca45166a537a5f61422676ac
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5210A76E94111EBCB219B65EC41E6A3B6CDF82760F260620F905E7290E730FD00DEE5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,00930C40,00000016,0092F866,?,?,DC413B4F,0092F866,?), ref: 00930C57
                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,00930C40,00000016,0092F866,?,?,DC413B4F,0092F866,?), ref: 00930C5E
                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00930C70
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                                  • Opcode ID: d3fff72af3fad261150fc222d7b1d7a3e6b15ed028c6d9a523052a5a941a1d55
                                                                                                                                                                                                                  • Instruction ID: 87c65f05c728dcd1b36c5555a42533f8d82ab943219daa83723829d0acd7117f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d3fff72af3fad261150fc222d7b1d7a3e6b15ed028c6d9a523052a5a941a1d55
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FBD09231418248FFCF152FA4ED2D98D3F2AAF84345F149220B9898A432CB319992EE90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 374 934ac6-934af0 375 934af2-934af4 374->375 376 934af6-934af8 374->376 377 934b47-934b4a 375->377 378 934afa-934afc 376->378 379 934afe-934b05 call 9349fb 376->379 378->377 381 934b0a-934b0e 379->381 382 934b10-934b1e GetProcAddress 381->382 383 934b2d-934b44 381->383 382->383 385 934b20-934b2b call 930aa8 382->385 384 934b46 383->384 384->377 385->384
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 5e9e0772b1addbd6fc860ce636d99c9098632af123b3c3386853b9cb0a1594a8
                                                                                                                                                                                                                  • Instruction ID: 792515dd0e5180df1be6fdd5647914dfa07458ed58e61d9e24b8b4d4450ac0f9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e9e0772b1addbd6fc860ce636d99c9098632af123b3c3386853b9cb0a1594a8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0301F5376542149B8B268E68FC40E5B736DEBC6720B224124F904C7194DA31E845ABD1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,0093A6E6,00000002,00000000,?,?,?,0093A6E6,?,00000000), ref: 0093A46D
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,0093A6E6,00000002,00000000,?,?,?,0093A6E6,?,00000000), ref: 0093A496
                                                                                                                                                                                                                  • GetACP.KERNEL32(?,?,0093A6E6,?,00000000), ref: 0093A4AB
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                                                                                                  • Opcode ID: c6cce57c9370e8a5fc0f8f2fb4116b29aee0bc91564958b66ee237f28aa86a28
                                                                                                                                                                                                                  • Instruction ID: ec28780b9fb4db92e7d15198c7543733fbc015428f5d0e07e143a8c2a36cbb1d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c6cce57c9370e8a5fc0f8f2fb4116b29aee0bc91564958b66ee237f28aa86a28
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7421C532A04104AADB348F54DD0CA9773AEEF94B60F568434E98AD7120FBB2DD40DB52
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00933E54: GetLastError.KERNEL32(00000000,?,00936842), ref: 00933E58
                                                                                                                                                                                                                    • Part of subcall function 00933E54: SetLastError.KERNEL32(00000000,00000000,0092A425,00000006,000000FF), ref: 00933EFA
                                                                                                                                                                                                                  • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0093A6B8
                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 0093A6F6
                                                                                                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 0093A709
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0093A751
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0093A76C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 415426439-0
                                                                                                                                                                                                                  • Opcode ID: 52ea5442e105d13ef9691aa0f251a3986eabb02ebd29cb9bab2d353717725698
                                                                                                                                                                                                                  • Instruction ID: 5b1d968395ffea444aa13c5ec31c868dc93d87ec55bde3dbc7be6041bb7025e1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52ea5442e105d13ef9691aa0f251a3986eabb02ebd29cb9bab2d353717725698
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57516C72A00205ABDB20DFA5DC86FBE73BCBF58704F184429E951EB190E7749E448F62
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00933E54: GetLastError.KERNEL32(00000000,?,00936842), ref: 00933E58
                                                                                                                                                                                                                    • Part of subcall function 00933E54: SetLastError.KERNEL32(00000000,00000000,0092A425,00000006,000000FF), ref: 00933EFA
                                                                                                                                                                                                                  • GetACP.KERNEL32(?,?,?,?,?,?,00932123,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00939CFA
                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00932123,?,?,?,00000055,?,-00000050,?,?), ref: 00939D31
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00939E94
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                                                                                                  • String ID: utf8
                                                                                                                                                                                                                  • API String ID: 607553120-905460609
                                                                                                                                                                                                                  • Opcode ID: b2ff0bde9639e06e571414d0461458c116d4d3af0a5c3590ac657451076c0830
                                                                                                                                                                                                                  • Instruction ID: b8d293a875a88c0806e977e3449e90a7cdd7e694bf149fbd241617e3facfc983
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2ff0bde9639e06e571414d0461458c116d4d3af0a5c3590ac657451076c0830
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9871E272A40316AADB35EB74CC42FAB73ACEF85700F144469F955DB181EAB4ED40CE61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 00936F7C
                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00936FF7
                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00937019
                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 0093703C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1164774033-0
                                                                                                                                                                                                                  • Opcode ID: 2f3d65d988cfb55922f2a7e3da209ad51b63176ef397f541969fdc6d77c6eda6
                                                                                                                                                                                                                  • Instruction ID: 66fc927bf9684c11072affbbde59fc606645f3238561c1ea1b03cd4d3c18d1fa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f3d65d988cfb55922f2a7e3da209ad51b63176ef397f541969fdc6d77c6eda6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9741A471904619BFDB30EFA4EC88ABAB7BDEB85315F108195E405D7180E7349E849F60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0092B809
                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 0092B8D5
                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0092B8F5
                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 0092B8FF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 254469556-0
                                                                                                                                                                                                                  • Opcode ID: 13757ad04acdde2e5fa27038d5a17856d7f044caa67acdfb0382f9f4b5155be4
                                                                                                                                                                                                                  • Instruction ID: 7a8ef676e9b1e3eee22a9d40784c2dbebc6b1b19cf179d796372b994edb721bc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 13757ad04acdde2e5fa27038d5a17856d7f044caa67acdfb0382f9f4b5155be4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9312779D1522C9BDB10DFA4D989BCDBBF8BF08304F1040AAE50DAB255EB709A84DF44
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00933E54: GetLastError.KERNEL32(00000000,?,00936842), ref: 00933E58
                                                                                                                                                                                                                    • Part of subcall function 00933E54: SetLastError.KERNEL32(00000000,00000000,0092A425,00000006,000000FF), ref: 00933EFA
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0093A0AC
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0093A0F6
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0093A1BC
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 661929714-0
                                                                                                                                                                                                                  • Opcode ID: 2d8429bd606dc10e65f69b8dc6b923478dad285e0d4e0c630a174ef9b11391c0
                                                                                                                                                                                                                  • Instruction ID: 205f89e9610357c1853f26641e62a49d8c95059807d5934ba53487615225af83
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d8429bd606dc10e65f69b8dc6b923478dad285e0d4e0c630a174ef9b11391c0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5961BD71A14207AFEB289F69CC82BBA73ACEF44310F10416AE955C6185E739DD84DF52
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0092A425), ref: 0092F95F
                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0092A425), ref: 0092F969
                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(74DF2DA8,?,?,?,?,?,0092A425), ref: 0092F976
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                                                                                                  • Opcode ID: 436f938ebe42c8c13541b3c26b3b4059743b364ef90ec1b3596364c445929eee
                                                                                                                                                                                                                  • Instruction ID: c895f679c94463f88d55d4726d33cee886fe14257134ca5b9d9be6d2017a2600
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 436f938ebe42c8c13541b3c26b3b4059743b364ef90ec1b3596364c445929eee
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2131D47491122CABCB21DF28ED88BDDBBB8BF48310F5041EAE41CA7251E7709B858F44
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0092B3F4
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2325560087-0
                                                                                                                                                                                                                  • Opcode ID: 36e904c95c23f438329078f14ea21b97b2ef8b2f208e1d8c498cda5925849a2b
                                                                                                                                                                                                                  • Instruction ID: 04d3bfa73f7f381804a5e6a29e45a3ff491b8898713702894f68b2fd5e3372c9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36e904c95c23f438329078f14ea21b97b2ef8b2f208e1d8c498cda5925849a2b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7651E1759146248FEB28CF55E8C1BAEBBF4FB46300F24842AD414EB265D375DA00DF90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00933E54: GetLastError.KERNEL32(00000000,?,00936842), ref: 00933E58
                                                                                                                                                                                                                    • Part of subcall function 00933E54: SetLastError.KERNEL32(00000000,00000000,0092A425,00000006,000000FF), ref: 00933EFA
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0093A2FF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3736152602-0
                                                                                                                                                                                                                  • Opcode ID: 917f572dadfe6c45b78a495ba5f300ef4a36d4a424056fd220d520df3756d3fb
                                                                                                                                                                                                                  • Instruction ID: 419cb38a8b26fe8a6543ec4457b6d289286cddffca668e4e426bf8259fd190ae
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 917f572dadfe6c45b78a495ba5f300ef4a36d4a424056fd220d520df3756d3fb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A218E72A55206AFEF289F25DC82ABA73ACEF85310F10407AF905D6151EA34ED449F52
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00933E54: GetLastError.KERNEL32(00000000,?,00936842), ref: 00933E58
                                                                                                                                                                                                                    • Part of subcall function 00933E54: SetLastError.KERNEL32(00000000,00000000,0092A425,00000006,000000FF), ref: 00933EFA
                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(0093A058,00000001,00000000,?,-00000050,?,0093A68C,00000000,?,?,?,00000055,?), ref: 00939FA4
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                                                                                                  • Opcode ID: 70beb1fa4086311836d55da3a489f230520bf3f1ccb72dc54e9266a7095f4623
                                                                                                                                                                                                                  • Instruction ID: 3cd279f5a75c8f9a87a8998a13d770f631412fd4bf71f5434980916a783b35d5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70beb1fa4086311836d55da3a489f230520bf3f1ccb72dc54e9266a7095f4623
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2611E53B2047059FDB189F39D8916BAB796FF84359F14442CE98A87A40D371BD42CF40
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00933E54: GetLastError.KERNEL32(00000000,?,00936842), ref: 00933E58
                                                                                                                                                                                                                    • Part of subcall function 00933E54: SetLastError.KERNEL32(00000000,00000000,0092A425,00000006,000000FF), ref: 00933EFA
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0093A355,00000000,00000000,?), ref: 0093A506
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3736152602-0
                                                                                                                                                                                                                  • Opcode ID: b5f1daa47d05e3688b111dd9f2f2c23a7aeb06b75545529f552fa06fa457a013
                                                                                                                                                                                                                  • Instruction ID: 88773be70f1dcaea6ff26a36904330b1649d012fcd1ee5a40a0d881d9bf5f930
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5f1daa47d05e3688b111dd9f2f2c23a7aeb06b75545529f552fa06fa457a013
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E401F932604112ABDF289A64CC46BBF7768EB80754F154828FC86A3190EA34FE41CE91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00933E54: GetLastError.KERNEL32(00000000,?,00936842), ref: 00933E58
                                                                                                                                                                                                                    • Part of subcall function 00933E54: SetLastError.KERNEL32(00000000,00000000,0092A425,00000006,000000FF), ref: 00933EFA
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00939E94
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                  • String ID: utf8
                                                                                                                                                                                                                  • API String ID: 3736152602-905460609
                                                                                                                                                                                                                  • Opcode ID: 846b596892a6e7993a6e177f4f29f687053109a73ca8f71674480d06b47f793f
                                                                                                                                                                                                                  • Instruction ID: 78a70677e433eaa17a049d15e277d9184e78186f190c4c16cd860b3029255d25
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 846b596892a6e7993a6e177f4f29f687053109a73ca8f71674480d06b47f793f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2BF0C833650205ABD724EB74DC45FFA73ACDB85710F11017AB506D7241EA74AD099B51
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00933E54: GetLastError.KERNEL32(00000000,?,00936842), ref: 00933E58
                                                                                                                                                                                                                    • Part of subcall function 00933E54: SetLastError.KERNEL32(00000000,00000000,0092A425,00000006,000000FF), ref: 00933EFA
                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(0093A2AB,00000001,?,?,-00000050,?,0093A654,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0093A017
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                                                                                                  • Opcode ID: 3ff32a5b907e929b549b1ed7fbcbdfdd3440cc53b6f357e7d0798ed08d0f67bc
                                                                                                                                                                                                                  • Instruction ID: 7185791b3bac950cc1fc01fa5c937779b969b4eac3f044611cfd579e9490ba09
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ff32a5b907e929b549b1ed7fbcbdfdd3440cc53b6f357e7d0798ed08d0f67bc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24F0F6362003045FDB289F79DC85B7A7B95FFC1768F05442CF9868B690C6B29C42CE50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00930085: EnterCriticalSection.KERNEL32(-00020FE3,?,009308D5,00000000,00948240,0000000C,0093089D,?,?,00934173,?,?,00933FF3,00000001,00000364,0092A425), ref: 00930094
                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(00934821,00000001,00948468,0000000C,00934C37,00000000), ref: 00934866
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1272433827-0
                                                                                                                                                                                                                  • Opcode ID: 893055381ffbb64393969da61b601f225c68de57d03f34e1444db9533af7bfe9
                                                                                                                                                                                                                  • Instruction ID: 15a875355cc5355d32ca1646a62fa859d64d0f3314297e6158492c7aa7dce058
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 893055381ffbb64393969da61b601f225c68de57d03f34e1444db9533af7bfe9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95F082B6A14204EFDB10EF98E812B9C7BF0FB89322F00402AE4009B3E0CB7599409F80
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00933E54: GetLastError.KERNEL32(00000000,?,00936842), ref: 00933E58
                                                                                                                                                                                                                    • Part of subcall function 00933E54: SetLastError.KERNEL32(00000000,00000000,0092A425,00000006,000000FF), ref: 00933EFA
                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(00939E40,00000001,?,?,?,0093A6AE,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00939F1E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                                                                                                  • Opcode ID: 971085d1a5d1a73417d3926599979ac5f4d6c1c5176ebd1fc7f0f8af1441d7a1
                                                                                                                                                                                                                  • Instruction ID: 2f763a0305f5170b8ff42cd7cfe5462cda2436bfb228d1bbe5a24aade73d678a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 971085d1a5d1a73417d3926599979ac5f4d6c1c5176ebd1fc7f0f8af1441d7a1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14F0E53A30020557CB24DF75D85576ABF94EFC1715F064469EA098B650C6B19D82CF90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00932C99,?,20001004,00000000,00000002,?,?,0093228B), ref: 00934D6F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                                  • Opcode ID: f90f474b26d346ae391e649fde51de878e82d41406201a572dd65241a1880064
                                                                                                                                                                                                                  • Instruction ID: 5b4665abc7ac97be1481e50edc7253712cd7ea2affc60d002b2619bf81f16e1d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f90f474b26d346ae391e649fde51de878e82d41406201a572dd65241a1880064
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6E04F31504218BBCF122FA0EC08F9F3E29EF85760F014020FD1566260DB35A920AED5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                                  • Opcode ID: c3c859ac9613ee3f9c969da5499fc86f2495143efc132e8e0b80baf01af5fec6
                                                                                                                                                                                                                  • Instruction ID: 8e96d9a7a9f2615518f72f1d3329a71fdf50f3b145f5550083c6d91838e4488e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3c859ac9613ee3f9c969da5499fc86f2495143efc132e8e0b80baf01af5fec6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DA012345281048B53004F346A6460937D8A60138070400245408C0120D72480407A00
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00923238
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0092325B
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0092327B
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 009232B0
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 009232BF
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 009232E4
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00923304
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00923383
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 009233DF
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 009233F7
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00923414
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00923419
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: e9f7afc020a9d4f5ffb4c8aab118e1d20e6c682215602f1288acc20d51f073ff
                                                                                                                                                                                                                  • Instruction ID: df3254cbf276116889cc099a817d8f42e6c83952abb99c8b660ba2b79d62a404
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e9f7afc020a9d4f5ffb4c8aab118e1d20e6c682215602f1288acc20d51f073ff
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E81F032900225CFCB25DF58E841BAFB7B4EB85320F148259E815A7356DB38AE01CBE1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • type_info::operator==.LIBVCRUNTIME ref: 0092E75A
                                                                                                                                                                                                                  • ___TypeMatch.LIBVCRUNTIME ref: 0092E868
                                                                                                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 0092E9BA
                                                                                                                                                                                                                  • CallUnexpected.LIBVCRUNTIME ref: 0092E9D5
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                                  • API String ID: 2751267872-393685449
                                                                                                                                                                                                                  • Opcode ID: e99565a0b654d23dd4a59dc3e9c616b8bbaa61aae23b4060375e1c151f644ecf
                                                                                                                                                                                                                  • Instruction ID: d7d589edcebb49070bcc4be1ad334435fee4719c6947fe8074fb04a16c4a9f99
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e99565a0b654d23dd4a59dc3e9c616b8bbaa61aae23b4060375e1c151f644ecf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68B18B75C00229EFCF28DFA4E9C1AAEB7B9FF54310B14416AE8156B21AD730DA51CF91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 009215C9
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0092161E
                                                                                                                                                                                                                  • __Getctype.LIBCPMT ref: 00921637
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00921681
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0092171F
                                                                                                                                                                                                                  • __Getwctype.LIBCPMT ref: 0092175A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Locinfo::_Lockit$GetctypeGetwctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                  • API String ID: 2702795554-1405518554
                                                                                                                                                                                                                  • Opcode ID: c5e160c6a175b1f0b900bd9ab5262fc1e9d5f1a022bcca653e83916529f21ef2
                                                                                                                                                                                                                  • Instruction ID: 7a0d432f7dd2e06f8d1837aa4cd79804ea6e013a9bd73f163f3784f81af1c5e5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5e160c6a175b1f0b900bd9ab5262fc1e9d5f1a022bcca653e83916529f21ef2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9451A6B1C003689BEB10DF64D841B9EB7F8BF54314F144169E849E7246EB35EA98CB51
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00923740
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00923793
                                                                                                                                                                                                                  • __Getcoll.LIBCPMT ref: 009237A5
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 009237C4
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00923859
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Locinfo::_Lockit$GetcollLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                  • API String ID: 1629477862-1405518554
                                                                                                                                                                                                                  • Opcode ID: 23cd596045a2e6c9f32689bf3c9d9db523c4c61553e158a843a5abf5f9c3290c
                                                                                                                                                                                                                  • Instruction ID: fda921bc3a443e5a947ef47e9175aaab727c1e7e6518ee0489bd53746745a06f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23cd596045a2e6c9f32689bf3c9d9db523c4c61553e158a843a5abf5f9c3290c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A85163B1D012689FEF14DFA4E84579DBBB8EF44310F148029E815EB389E7789A49CF51
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 0092E177
                                                                                                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 0092E17F
                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 0092E208
                                                                                                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 0092E233
                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 0092E288
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                  • Opcode ID: 796c306f90349ca7a2b19aa6244595c11d15097c16501b0bdab5dc1af49f7b01
                                                                                                                                                                                                                  • Instruction ID: 85eafb75091287f8dcfe866314292a620910fdbd5e4f4ec1f927a5e9b2510e7b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 796c306f90349ca7a2b19aa6244595c11d15097c16501b0bdab5dc1af49f7b01
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9941E534A04228DFCF10DF68E884A9EBBB9EF86314F148465F8256B396D7319E15CF91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0092E2FB,0092C1B2,0092B9B2), ref: 0092E312
                                                                                                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0092E320
                                                                                                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0092E339
                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,0092E2FB,0092C1B2,0092B9B2), ref: 0092E38B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3852720340-0
                                                                                                                                                                                                                  • Opcode ID: ed6f2773c632c06f36e6418eea0249325a8cb99bed60cc4345fb85eafe771606
                                                                                                                                                                                                                  • Instruction ID: 6a7867f98f6604b89cb25693333e3c369e8267bb26062387bb18a1efbe63b72a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed6f2773c632c06f36e6418eea0249325a8cb99bed60cc4345fb85eafe771606
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E501D83212D3315FEF146A747CD5E6A2768EB427B6720033AF420960E9EE514D006791
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,DC413B4F,74DF30D0,?,00000000,0093EB4E,000000FF,?,00930C6C,?,?,00930C40,00000016), ref: 00930CC5
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00930CD7
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000000,0093EB4E,000000FF,?,00930C6C,?,?,00930C40,00000016), ref: 00930CF9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                  • Opcode ID: 9f099e0d8a54bf013acaeb78a40d730d0295a019b9c6518697bc32780e3ff734
                                                                                                                                                                                                                  • Instruction ID: 015fd4d05fb54bce695a35837e408ac73516258ccf8db6f0b2122427f2249c7c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f099e0d8a54bf013acaeb78a40d730d0295a019b9c6518697bc32780e3ff734
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9018671998615EFDB118F90DD15FAEBBBCFB44B14F000625F811A22D0DB749900DF91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 009345B2
                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 0093467B
                                                                                                                                                                                                                  • __freea.LIBCMT ref: 009346E2
                                                                                                                                                                                                                    • Part of subcall function 00934F92: HeapAlloc.KERNEL32(00000000,0092A425,74DF30D0,?,0092BF8B,74DF30D2,74DF30D0,00000000,?,?,0092A1F3,0092A425,74DF30D4,74DF30D0,74DF30D0,74DF30D0), ref: 00934FC4
                                                                                                                                                                                                                  • __freea.LIBCMT ref: 009346F5
                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00934702
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1096550386-0
                                                                                                                                                                                                                  • Opcode ID: 71700b6a86e9b4534d9d2b0f2517b840c1c0ec907d41e58cad19026a3b94286e
                                                                                                                                                                                                                  • Instruction ID: eb4fe7cd80e45915baebc7c6a13a619a07521888fd8d3cbeb6509c3c58ce091a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71700b6a86e9b4534d9d2b0f2517b840c1c0ec907d41e58cad19026a3b94286e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C51BE72600216AFEF249F64CC82EBB3AADEF96714F1A0529FD04D6151EB75EC108E60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$H_prolog3Lockit::_Lockit::~_SetgloballocaleYarnstd::locale::_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 156189095-0
                                                                                                                                                                                                                  • Opcode ID: 3b64f8ab850fa11db107b3c6a9642c8478c1fbe6c061266569ab807c10cda8ed
                                                                                                                                                                                                                  • Instruction ID: 4ce6b26adae80a117c37d8f799b48b53f8a676cc2f8e34ba6a8cfc340611997d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3b64f8ab850fa11db107b3c6a9642c8478c1fbe6c061266569ab807c10cda8ed
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A01BC3AA042218FCB06EF20E851A3E77B5FFC5740F480008E81257395CB386E02DBC6
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0092F3D8,00000000,?,0094B388,?,?,?,0092F57B,00000004,InitializeCriticalSectionEx,009410A8,InitializeCriticalSectionEx), ref: 0092F434
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0092F3D8,00000000,?,0094B388,?,?,?,0092F57B,00000004,InitializeCriticalSectionEx,009410A8,InitializeCriticalSectionEx,00000000,?,0092F1C2), ref: 0092F43E
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0092F466
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                  • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                  • Opcode ID: 07a3b9c35bf87828194963072674504bd049591582413589132ad0ec88ea3006
                                                                                                                                                                                                                  • Instruction ID: 76a72e13020ab78caa0d59ba64e2d3d25e62cd958facc48163be7c273501370c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07a3b9c35bf87828194963072674504bd049591582413589132ad0ec88ea3006
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83E04830694208F7EF202B61FC1BB693F699B00B54F108030F90CE44F1D7A1D9519954
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetConsoleOutputCP.KERNEL32(DC413B4F,00000000,00000000,?), ref: 0093BDC1
                                                                                                                                                                                                                    • Part of subcall function 009369C0: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009346D8,?,00000000,-00000008), ref: 00936A21
                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0093C013
                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0093C059
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0093C0FC
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2112829910-0
                                                                                                                                                                                                                  • Opcode ID: 7c07219e40d56d8c1bccec0c3ef7781fdc1cd4dc34fefca8046af8755ebbd922
                                                                                                                                                                                                                  • Instruction ID: b37c1d1ecabfa1a734673d1c33f6ca68e1678a8f277392c87eda2e56013374c9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c07219e40d56d8c1bccec0c3ef7781fdc1cd4dc34fefca8046af8755ebbd922
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69D177B5D046589FCF14CFA8C880AADBBB8FF49314F28456AE566EB352D730A941CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AdjustPointer
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1740715915-0
                                                                                                                                                                                                                  • Opcode ID: c8096831acaa348a255abf0fe508e2c8ec899343de9641afe01d7f79c2085777
                                                                                                                                                                                                                  • Instruction ID: cd23d69600707564a4ac41c46c86b81e2cb5cd9e1d31e5d0298d94fc503e8587
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8096831acaa348a255abf0fe508e2c8ec899343de9641afe01d7f79c2085777
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1551E272605226AFDF28AF14F881FBA77A8EF54314F14452DF8054B2AAE731EC40DB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 009292EC
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 009292E7
                                                                                                                                                                                                                    • Part of subcall function 00921160: ___std_exception_copy.LIBVCRUNTIME ref: 0092119E
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 009292F1
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 009292F6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task$___std_exception_copy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 270002120-0
                                                                                                                                                                                                                  • Opcode ID: 9b724dea8bde435dc302332c211dd1375130359fc8ea528673e73f917e8a485b
                                                                                                                                                                                                                  • Instruction ID: 6cb1c2ea8f8d11451eaaf3f5a23266563f1c3ff4d223fb2df0f72721a3da0b0f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b724dea8bde435dc302332c211dd1375130359fc8ea528673e73f917e8a485b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E051AF72600225EFCB14DF19E480A69B7E5FF98310F25816AECA9CB356D731EC61CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,0093D105,00000000,00000001,00000000,?,?,0093C150,?,00000000,00000000), ref: 0093DF40
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0093D105,00000000,00000001,00000000,?,?,0093C150,?,00000000,00000000,?,?,?,0093C6F3,00000000), ref: 0093DF4C
                                                                                                                                                                                                                    • Part of subcall function 0093DF12: CloseHandle.KERNEL32(FFFFFFFE,0093DF5C,?,0093D105,00000000,00000001,00000000,?,?,0093C150,?,00000000,00000000,?,?), ref: 0093DF22
                                                                                                                                                                                                                  • ___initconout.LIBCMT ref: 0093DF5C
                                                                                                                                                                                                                    • Part of subcall function 0093DED4: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0093DF03,0093D0F2,?,?,0093C150,?,00000000,00000000,?), ref: 0093DEE7
                                                                                                                                                                                                                  • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,0093D105,00000000,00000001,00000000,?,?,0093C150,?,00000000,00000000,?), ref: 0093DF71
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2744216297-0
                                                                                                                                                                                                                  • Opcode ID: c74e58a5e2118ffcb1681a0926127b5d5a128ae4de9e91534a10939848ed84a2
                                                                                                                                                                                                                  • Instruction ID: 5678a378ecee444072ea7fed5a2a5b7cb7f5ea3770b3c358a452a572f851fd23
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c74e58a5e2118ffcb1681a0926127b5d5a128ae4de9e91534a10939848ed84a2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8F01C3A465159BBCF221F95EC14A8A7F26EB497A5F048021FA0986121C732C820EFA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EncodePointer.KERNEL32(00000000,?), ref: 0092EA05
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: EncodePointer
                                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                                  • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                  • Opcode ID: 431a423ce083cc6ee3f4210bfc1f5ad881c2d42ea2f3f0e869701bc8d3c3c666
                                                                                                                                                                                                                  • Instruction ID: e3b85ad708a5e988413eccd1d5a659d3ba6419adfd52fb091430306829217180
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 431a423ce083cc6ee3f4210bfc1f5ad881c2d42ea2f3f0e869701bc8d3c3c666
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77416872900229EFCF15CF98EDC1AAEBBB9FF48300F184059F905A6259E335A951DB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 009228A0: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000), ref: 009228A5
                                                                                                                                                                                                                    • Part of subcall function 009228A0: GetLastError.KERNEL32(?,00000000,00000000), ref: 009228AF
                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,0092105A), ref: 0092ADC4
                                                                                                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0092105A), ref: 0092ADD3
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0092ADCE
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2386989287.0000000000921000.00000020.00000001.01000000.00000016.sdmp, Offset: 00920000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2386927960.0000000000920000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387372798.000000000093F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387455645.000000000094A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  • Associated: 0000000C.00000002.2387500243.000000000094C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_920000_FastSRV.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                  • API String ID: 3511171328-631824599
                                                                                                                                                                                                                  • Opcode ID: 4ee12fd8c391b21d2c9125d58d8d463b4e4420cef6af85a31c8cbec59a4ee26e
                                                                                                                                                                                                                  • Instruction ID: 6370a5178124e21ebcc551eb459cbac8084e2989a99ac004566e5208b57041df
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ee12fd8c391b21d2c9125d58d8d463b4e4420cef6af85a31c8cbec59a4ee26e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41E092B56047208BD330AF29FA04B427BF4AF44705F00882DE546C7A85EBB5E404CFA2
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                  Execution Coverage:1.3%
                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                  Signature Coverage:2.9%
                                                                                                                                                                                                                  Total number of Nodes:485
                                                                                                                                                                                                                  Total number of Limit Nodes:18
59226 3c4f0a __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 59223->59226 59268 38abc0 59224->59268 59228 38a9f5 59226->59228 59231 3906e0 31 API calls messages 59228->59231 59230->59144 59231->59171 59232->59172 59233->59174 59234->59176 59235->59178 59236->59180 59237->59184 59239->59191 59240->59194 59244 38e573 Concurrency::cancel_current_task 59241->59244 59245 38e5a3 59241->59245 59242 38e560 29 API calls 59242->59244 59244->59242 59244->59245 59298 38afa0 29 API calls 2 library calls 59244->59298 59245->59201 59247 38e050 59246->59247 59253 38e0e2 59246->59253 59248 3c527a messages 30 API calls 59247->59248 59252 38e065 59248->59252 59249 3c527a messages 30 API calls 59250 38a8c9 59249->59250 59250->59216 59251 3c527a messages 30 API calls 59251->59252 59252->59251 59252->59253 59253->59249 59255 376c22 59254->59255 59256 376c9c Concurrency::cancel_current_task 59254->59256 59257 376cf0 Concurrency::cancel_current_task 59255->59257 59258 376c60 59255->59258 59259 376c39 59255->59259 59256->59219 59260 376c4a 59258->59260 59262 3c527a messages 30 API calls 59258->59262 59259->59257 59261 3c527a messages 30 API calls 59259->59261 59260->59256 59299 3ca38f 29 API calls 2 library calls 59260->59299 59261->59260 59262->59260 59265 38dd98 59264->59265 59266 38ddac 59264->59266 59265->59266 59300 38e790 34 API calls 2 library calls 59265->59300 59266->59221 59269 38ac20 PowerEnumerate 59268->59269 59285 38ac3f Concurrency::cancel_current_task 59269->59285 59270 38ac7c PowerEnumerate 59270->59285 59272 38af5e 59273 3c4f0a __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 59272->59273 59274 38a9d5 59273->59274 59288 38b2d0 59274->59288 59275 3c527a messages 30 API calls 59275->59285 59276 38af7b 59305 3ca38f 29 API calls 2 library calls 59276->59305 59279 376c00 31 API calls 59279->59285 59280 38abc0 37 API 
calls 59280->59285 59285->59269 59285->59270 59285->59272 59285->59275 59285->59276 59285->59279 59285->59280 59301 38e680 31 API calls 5 library calls 59285->59301 59302 38a250 31 API calls 3 library calls 59285->59302 59303 38b030 31 API calls 2 library calls 59285->59303 59304 38e300 34 API calls 2 library calls 59285->59304 59289 38b3ba 59288->59289 59290 363800 39 API calls 59289->59290 59291 38b3bf 59290->59291 59306 3635d0 HeapAlloc RaiseException Concurrency::cancel_current_task 59291->59306 59293 38b59c 59307 3635d0 HeapAlloc RaiseException Concurrency::cancel_current_task 59293->59307 59295 38b5a6 59308 3635d0 HeapAlloc RaiseException Concurrency::cancel_current_task 59295->59308 59297 38b5b0 59298->59244 59300->59265 59301->59285 59302->59285 59303->59285 59304->59285 59306->59293 59307->59295 59308->59297

Control-flow Graph

APIs
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?), ref: 00394FDE
• CoCreateInstance.OLE32(003F0450,00000000,00000001,003F0440,00000000), ref: 00395005
• SysAllocString.OLEAUT32 ref: 0039504B
• SysFreeString.OLEAUT32(-00000001), ref: 003950B5
• CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 003950FF
• SysFreeString.OLEAUT32(00000000), ref: 003951AA
• SysFreeString.OLEAUT32(00000000), ref: 003951F9
• VariantInit.OLEAUT32(?), ref: 0039529B
• VariantInit.OLEAUT32(?), ref: 003952AE
• VariantClear.OLEAUT32(?), ref: 0039551E
• VariantClear.OLEAUT32(00000003), ref: 0039552B
• _com_issue_error.COMSUPP ref: 003955EB
• _com_issue_error.COMSUPP ref: 003955F5
Strings
Memory Dump Source
• Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_360000_fast!.jbxd
Similarity
• API ID: StringVariant$Free$ClearInit_com_issue_error$AllocBlanketCreateInitializeInstanceProxySecurity
• String ID: Adapter$File System Driver$Kernel Driver$Own Process$ProcessId$ROOT\CIMV2$Recognizer Driver$SELECT ProcessId, ServiceType FROM Win32_Service$ServiceType$Share Process$WQL
• API String ID: 1750940811-821176035
• Opcode ID: bc7f136afc2ed9daaad61309906245a59560727eac6d0ea6fd101ec7f8be9147
• Instruction ID: 7206a92c6e7abe11fbfbabf7c7ffbd97ad11f11dc0bc4c89e99c95b361e02070
• Opcode Fuzzy Hash: bc7f136afc2ed9daaad61309906245a59560727eac6d0ea6fd101ec7f8be9147
• Instruction Fuzzy Hash: E512DD71A007089BEF27DFA4C855BAEB7B5AF10704F268458E846EF291E771ED84CB50
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 003AD190: __Mtx_unlock.LIBCPMT ref: 003AD24C
• OpenEventW.KERNEL32(001F0003,00000001,Local\fast!,/noui), ref: 003A177C
• PulseEvent.KERNEL32(00000228), ref: 003A1798
• CreateEventW.KERNEL32(00000000,00000000,00000000,Local\fast!), ref: 003A17AE
• GetTickCount64.KERNEL32 ref: 003A1BCB
• GetTickCount64.KERNEL32 ref: 003A1BF9
• GetTickCount64.KERNEL32 ref: 003A1C27
  • Part of subcall function 003A2490: Concurrency::cancel_current_task.LIBCPMT ref: 003A263B
• CreateNamedPipeW.KERNEL32(\\.\pipe\veryfastapp,00000003,00000000,00000001,00004000,00004000,00000000,00000000,00000000,?,00000000,?,00000000,?,00000000,?), ref: 003A203F
• Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?), ref: 003A2074
• ShellExecuteW.SHELL32(00000000,open,nwjs\nw,ui\.,00000000,00000001), ref: 003A2099
• Sleep.KERNEL32(00000064,00000001,?,?,?,?,?,?,?,?), ref: 003A20B9
• __Mtx_unlock.LIBCPMT ref: 003A2176
• __Mtx_destroy_in_situ.LIBCPMT ref: 003A2190
• FreeLibrary.KERNEL32(?,?,?,00000001,?,?,?,?,?,?,?,?), ref: 003A21CA
  • Part of subcall function 003A1420: GetModuleFileNameW.KERNEL32(00000000,?,00000104,6CA27FDA), ref: 003A145A
Strings
Memory Dump Source
• Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
• Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_360000_fast!.jbxd
Similarity
• API ID: Count64EventTick$CreateMtx_unlockSleep$Concurrency::cancel_current_taskExecuteFileFreeLibraryModuleMtx_destroy_in_situNameNamedOpenPipePulseShell
• String ID: /noui$Local\fast!$\\.\pipe\veryfastapp$nwjs\nw$open$ui\.$y${
• API String ID: 2719173829-3323203072
• Opcode ID: dc8aba8348c8b21816c50253cd544c5e200efd0c632133f7bb44bc2fe5912949
• Instruction ID: 3a5f18629c6aac45f80864f7c4c4a4568a4b6f4ca35471dc91eb68cae45100a9
• Opcode Fuzzy Hash: dc8aba8348c8b21816c50253cd544c5e200efd0c632133f7bb44bc2fe5912949
• Instruction Fuzzy Hash: A4725B70A002199FDB26DF64CC95BEAB7B4FF46304F0441E9E509AB691DB71AE84CF90
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,6CA27FDA), ref: 0037F0C4
                                                                                                                                                                                                                  • GetLastError.KERNEL32(Error), ref: 0037F15C
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 0037F1BB
                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000020,?), ref: 0037F1C8
                                                                                                                                                                                                                  • AdjustTokenPrivileges.KERNELBASE(?,00000000,00000001,00000010,00000000,00000000), ref: 0037F2CB
                                                                                                                                                                                                                  • GetLastError.KERNEL32(Error), ref: 0037F260
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                    • Part of subcall function 00362940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,6CA27FDA,?,?,?,00000000,003E8670,000000FF,?,80004005), ref: 0036297A
                                                                                                                                                                                                                  • GetLastError.KERNEL32(Error), ref: 0037F363
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 0037F3BB
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastProcess$Token$AdjustCloseCurrentFindHandleHeapLookupOpenPrivilegePrivilegesResourceValue
                                                                                                                                                                                                                  • String ID: AdjustTokenPrivileges error.$Error$LookupPrivilegeValue error.$OpenProcessToken failed with error.$SeDebugPrivilege
                                                                                                                                                                                                                  • API String ID: 3665549869-1421965758
                                                                                                                                                                                                                  • Opcode ID: 23c874d5e8076678b6ab6d23c14a6fa37d6aef729d08110f5e8f94c71bac49f6
                                                                                                                                                                                                                  • Instruction ID: b2b432d6535768e4320665e927bca21d5262416c08dbd084978251b07f14ff32
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23c874d5e8076678b6ab6d23c14a6fa37d6aef729d08110f5e8f94c71bac49f6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20A1A470A00609DFEB12DFA8C949BEEB7B4FF05324F158158E515AB2D2EB349E04CB60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000,6CA27FDA,?,00000010), ref: 003AD2D2
                                                                                                                                                                                                                  • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000010), ref: 003AD2F2
                                                                                                                                                                                                                  • CoCreateInstance.OLE32(003F0450,00000000,00000001,003F0440,?,?,00000010), ref: 003AD319
                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(ROOT\CIMV2), ref: 003AD35B
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32 ref: 003AD3C1
                                                                                                                                                                                                                  • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 003AD407
                                                                                                                                                                                                                  • CoUninitialize.OLE32(?,00000010), ref: 003AD423
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 003AD4BA
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 003AD510
                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 003AD5CD
                                                                                                                                                                                                                  • CoUninitialize.OLE32(00000000), ref: 003AD5F7
                                                                                                                                                                                                                  • _com_issue_error.COMSUPP ref: 003AD61B
                                                                                                                                                                                                                  • _com_issue_error.COMSUPP ref: 003AD625
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: String$Free$InitializeUninitialize_com_issue_error$AllocBlanketClearCreateInstanceProxySecurityVariant
                                                                                                                                                                                                                  • String ID: ROOT\CIMV2$SELECT * FROM Win32_ComputerSystemProduct$UUID$WQL
                                                                                                                                                                                                                  • API String ID: 1007591970-4235021490
                                                                                                                                                                                                                  • Opcode ID: 723c69ef1f5fdf615f366cc17e111999346e9be4733fd6e0b73b2f4cf3399f6d
                                                                                                                                                                                                                  • Instruction ID: 10bc728099f21de3a56065a2e2c491a417fe20b26c26a61e336d4720fd1d8e05
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 723c69ef1f5fdf615f366cc17e111999346e9be4733fd6e0b73b2f4cf3399f6d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 92B16E71A00305ABEB25DF55CC45BAEB7B8EF05B14F244218F916AB6D0DB75A901CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 0037E83C
                                                                                                                                                                                                                    • Part of subcall function 00362940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,6CA27FDA,?,?,?,00000000,003E8670,000000FF,?,80004005), ref: 0036297A
                                                                                                                                                                                                                  • OpenSCManagerW.ADVAPI32 ref: 0037E73B
                                                                                                                                                                                                                  • OpenServiceW.ADVAPI32(00000000,?,000F003F), ref: 0037E751
                                                                                                                                                                                                                  • ControlService.ADVAPI32(00000000,00000001,?), ref: 0037E774
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: OpenService$ControlFindHeapManagerMtx_unlockProcessResource
                                                                                                                                                                                                                  • String ID: FastSrv
                                                                                                                                                                                                                  • API String ID: 1621622955-3919950210
                                                                                                                                                                                                                  • Opcode ID: ba8eaf86d9e463aac6fad8d50d76d31bfa45d829e22adf5eb63ea66249cb423b
                                                                                                                                                                                                                  • Instruction ID: afc3bdd70a80bbbced259190d198023a7dcd4bc4752a78dc21fa23727b7e5716
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba8eaf86d9e463aac6fad8d50d76d31bfa45d829e22adf5eb63ea66249cb423b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B51A0B1900B45EFD716DF64C845BAAF7F4FF15300F10821EE919AB681EB79A504CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 00391147
                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(6CA27FDA,?,?,?,0037E670), ref: 0039142D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentMtx_unlockProcess
                                                                                                                                                                                                                  • String ID: invalid unordered_map<K, T> key$T8
                                                                                                                                                                                                                  • API String ID: 2892850118-3870718432
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 565 3a30d0-3a315d RegCreateKeyW RegQueryValueExW CloseHandle 566 3a3160-3a3169 565->566 566->566 567 3a316b-3a3172 566->567 568 3a3178-3a31b0 call 363800 call 362940 567->568 569 3a325d-3a3276 call 3c4f0a 567->569 578 3a31e2-3a322b call 3a2bd0 call 3a7120 call 37f780 568->578 579 3a31b2-3a31bb 568->579 589 3a322d-3a3230 578->589 590 3a3235-3a323e 578->590 580 3a31c0-3a31c9 579->580 580->580 582 3a31cb-3a31dd call 362c70 580->582 582->578 589->590 591 3a3241-3a324a 590->591 591->591 592 3a324c-3a3258 call 362c70 591->592 592->569
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 003A3110
                                                                                                                                                                                                                  • RegQueryValueExW.KERNELBASE(?,SettingV1,00000000,?,?,?), ref: 003A3142
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 003A314E
                                                                                                                                                                                                                    • Part of subcall function 00362940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,6CA27FDA,?,?,?,00000000,003E8670,000000FF,?,80004005), ref: 0036297A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseCreateFindHandleQueryResourceValue
                                                                                                                                                                                                                  • String ID: SettingV1
                                                                                                                                                                                                                  • API String ID: 127121544-37080684
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 594 380e03-380e38 call 3c53bf RegQueryValueExW 597 380e3a-380e4c call 363800 CloseHandle call 3c53c8 594->597 598 380e51-380e65 call 3d2dbd 594->598 612 38108c-381096 call 3635d0 597->612 613 380dc6-380dd0 597->613 604 380e6b-380e6d 598->604 605 380f8c-380f8e 598->605 604->597 607 380e6f-380e78 call 363800 604->607 605->597 608 380f94-380f9d call 363800 605->608 607->612 616 380e7e-380e98 607->616 608->612 618 380fa3-380fbe 608->618 623 380dd2-380de5 613->623 626 380e9e-380ead 616->626 627 381082-381087 call 3635d0 616->627 624 381071-381076 618->624 625 380fc4-380fd3 618->625 630 38107d call 3635d0 624->630 628 380fe4-380fe7 625->628 629 380fd5-380fe1 call 362c10 625->629 631 380ebe-380ec1 626->631 632 380eaf-380ebb call 362c10 626->632 627->612 628->624 635 380fed-380ffa 628->635 629->628 630->627 631->627 638 380ec7-380ed4 631->638 632->631 642 380ffc-38100a call 362dd0 635->642 643 38100d-38101a call 3d2f6d 635->643 639 380ee4-380ee9 638->639 640 380ed6-380ee1 call 362dd0 638->640 646 380f38-380f46 639->646 647 380eeb-380eed 639->647 640->639 642->643 660 380eff-380f1a CloseHandle call 3c53c8 call 363800 643->660 661 381020-38102a FindCloseChangeNotification call 3c53c8 643->661 646->627 651 380f4c-380f5b 646->651 652 380f2d-380f35 call 3c6cb0 647->652 653 380eef-380efa call 3ca47d call 3ca37f 647->653 657 380f6c-380f78 651->657 658 380f5d-380f69 call 362c10 651->658 652->646 653->660 657->627 665 380f7e-380f87 657->665 658->657 677 381078 660->677 678 380f20-380f28 660->678 668 38102f-381037 call 362b20 661->668 665->661 674 38103c-38104f 668->674 674->623 676 381055-381070 674->676 677->630 678->674
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegQueryValueExW.KERNELBASE(?,?,00000000,?,00000000,?), ref: 00380E30
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,?), ref: 00380E3D
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00380F02
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseHandle$HeapProcessQueryValue
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2212251029-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 681 3ad190-3ad1bd 682 3ad1c3-3ad1d9 call 3ae132 681->682 683 3ad254-3ad268 681->683 686 3ad269-3ad26b call 3aed8e 682->686 687 3ad1df-3ad1e9 682->687 689 3ad270-3ad278 call 3aed8e 686->689 688 3ad1ef-3ad1fd 687->688 687->689 691 3ad1ff-3ad21b call 3c527a call 363800 688->691 692 3ad247-3ad251 call 3ae157 688->692 696 3ad27d-3ad287 call 3635d0 689->696 691->696 703 3ad21d-3ad234 call 3ad290 691->703 692->683 706 3ad239-3ad245 call 3ad630 703->706 706->692
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 003AD24C
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                    • Part of subcall function 003AD290: CoInitializeEx.OLE32(00000000,00000000,6CA27FDA,?,00000010), ref: 003AD2D2
                                                                                                                                                                                                                    • Part of subcall function 003AD290: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000010), ref: 003AD2F2
                                                                                                                                                                                                                    • Part of subcall function 003AD290: CoCreateInstance.OLE32(003F0450,00000000,00000001,003F0440,?,?,00000010), ref: 003AD319
                                                                                                                                                                                                                    • Part of subcall function 003AD290: SysAllocString.OLEAUT32(ROOT\CIMV2), ref: 003AD35B
                                                                                                                                                                                                                    • Part of subcall function 003AD290: SysFreeString.OLEAUT32 ref: 003AD3C1
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 003AD26B
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 003AD278
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorInitializeStringThrow_std::_$AllocCreateFreeHeapInstanceMtx_unlockProcessSecurity
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1505922456-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,003D78D2,?,003CA182,?,?,6CA27FDA,003CA182,?), ref: 003D78E9
                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,003D78D2,?,003CA182,?,?,6CA27FDA,003CA182,?), ref: 003D78F0
                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 003D7902
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                                  • Opcode ID: 4468aef6471b32b25b5001bfce43f755927b84c2a3da405c826dd0b2c88f2cab
                                                                                                                                                                                                                  • Instruction ID: 82584825c923223636b1265e5a8cfeee7dfd65140218cf2a09bfb0f9257cd4f9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4468aef6471b32b25b5001bfce43f755927b84c2a3da405c826dd0b2c88f2cab
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86D09E37004109ABCF573F65ED0D96D3F2AEF44351F414011F94959132EF319992DB40
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 716 391864-39186c 717 391a1c-3933ff call 3aed8e call 3ae132 call 3aed8e call 3635d0 call 3aed8e call 3ca38f 716->717 718 391872-391893 call 393d70 716->718 724 39189d-391918 call 3c527a * 6 call 38a2f0 718->724 725 391895-391898 call 397500 718->725 752 39191d-39193d call 3906e0 724->752 725->724 755 39193f-391945 752->755 756 391947-39194e call 398330 752->756 757 391953-39195f 755->757 756->757 759 391969-391970 call 398330 757->759 760 391961-391967 757->760 761 391975-391981 759->761 760->761 763 39198b-391992 call 398330 761->763 764 391983-391989 761->764 765 391997-3919a3 763->765 764->765 767 3919ad-3919b4 call 398330 765->767 768 3919a5-3919ab 765->768 770 3919b9-3919c5 767->770 768->770 771 3919cf-3919d6 call 398330 770->771 772 3919c7-3919cd 770->772 773 3919db-3919e4 771->773 772->773 775 3919ee-3919f5 call 398330 773->775 776 3919e6-3919ec 773->776 777 3919fa-391a14 call 3ae157 775->777 776->777 777->717
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00391A22
                                                                                                                                                                                                                    • Part of subcall function 00393D70: LoadLibraryW.KERNEL32(ntdll.dll,6CA27FDA,?,?,00000006,00000005,00000005,?,?,?,?,?,00000005,00000006,00000005), ref: 00393D9C
                                                                                                                                                                                                                    • Part of subcall function 00393D70: GetProcAddress.KERNEL32(00000000,NtWow64ReadVirtualMemory64), ref: 00393DB0
                                                                                                                                                                                                                    • Part of subcall function 00393D70: GetProcAddress.KERNEL32(00000000,NtWow64QueryInformationProcess64), ref: 00393DB8
                                                                                                                                                                                                                    • Part of subcall function 00393D70: GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 00393DC0
                                                                                                                                                                                                                    • Part of subcall function 00393D70: GetProcAddress.KERNEL32(00000000,NtSetInformationProcess), ref: 00393DCD
                                                                                                                                                                                                                    • Part of subcall function 00393D70: GetProcAddress.KERNEL32(00000000,NtSuspendProcess), ref: 00393DDA
                                                                                                                                                                                                                    • Part of subcall function 00393D70: GetProcAddress.KERNEL32(00000000,NtResumeProcess), ref: 00393DE7
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 003919FB
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressProc$Cpp_errorLibraryLoadMtx_unlockThrow_std::_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2423495643-0
                                                                                                                                                                                                                  • Opcode ID: 221f500dc3bfda94f2a07e9030ac2d8453090878d301225d25cceab0ce6ba08c
                                                                                                                                                                                                                  • Instruction ID: 7b444a5853db04347fa571b5656afd32b96c6f2c8982ebf79d492d8eed4abb64
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 221f500dc3bfda94f2a07e9030ac2d8453090878d301225d25cceab0ce6ba08c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4371AFB0900606AFDF06DF54C992AAEF7B4FB45310F14426DE41AAB780DB34BD05CBA2
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000,6CA27FDA,?,00000000), ref: 00394F52
                                                                                                                                                                                                                  • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?), ref: 00394FDE
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Initialize$Security
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 119290355-0
                                                                                                                                                                                                                  • Opcode ID: 087cc604e217cd8af51998cfb77bff47e33a1f4d04dc12f519a8f96bf2021bf7
                                                                                                                                                                                                                  • Instruction ID: 22466df17ed810acec086ec573316bd4e5578739f09f1d5f2365cfcab2d57f2d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 087cc604e217cd8af51998cfb77bff47e33a1f4d04dc12f519a8f96bf2021bf7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B31A070E04309EBEB11DF65CC06FAEBBB4FB04710F10426AE915AB2C1EB706A04CB55
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • PowerGetActiveScheme.POWRPROF(00000000,00000000,00000010,00000000,00000000,?,00000000,?,?,?,00000000,?), ref: 0038A9B6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ActivePowerScheme
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 556561246-0
                                                                                                                                                                                                                  • Opcode ID: 2515354c63662771161804c2fe74e88852b9c6d3b5d80f5eadb79051b579dcd6
                                                                                                                                                                                                                  • Instruction ID: e2441e2b08a7b96673c74a55f74857837edda27941380ea1d5249a956e37c775
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2515354c63662771161804c2fe74e88852b9c6d3b5d80f5eadb79051b579dcd6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B81208B0C05769CAEB21CF14C949799BBB0FF59308F1092D9D94CAB252E7B56AC8CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 850 37e5d0-37e66b GetTickCount64 call 3913f0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetTickCount64.KERNEL32 ref: 0037E658
                                                                                                                                                                                                                    • Part of subcall function 00391114: GetCurrentProcessId.KERNEL32(6CA27FDA,?,?,?,0037E670), ref: 0039142D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Count64CurrentProcessTick
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 394760598-0
                                                                                                                                                                                                                  • Opcode ID: ff05a1d4e4320917f766bf53430a28f8059d81af66156d7e0e692f8bb0f5bf1f
                                                                                                                                                                                                                  • Instruction ID: 6871693963dcb6e122efec29a2cddf222cb809238792c7d81f05aad32e93ae1f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff05a1d4e4320917f766bf53430a28f8059d81af66156d7e0e692f8bb0f5bf1f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 731148B0804B44DBD320CF2AC984717BFF8FB08714F004A2DE49A97A80D7B4A5088B91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • NtQueryInformationProcess.NTDLL(?,00000021,?,00000004,00000004), ref: 00394961
                                                                                                                                                                                                                  • GetProcessPriorityBoost.KERNEL32(?,?), ref: 0039498C
                                                                                                                                                                                                                  • NtQueryInformationProcess.NTDLL(?,0000004D,?,0000000C,00000004), ref: 00394ADB
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                    • Part of subcall function 00362940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,6CA27FDA,?,?,?,00000000,003E8670,000000FF,?,80004005), ref: 0036297A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Process$InformationQuery$BoostFindHeapPriorityResource
                                                                                                                                                                                                                  • String ID: Error$GetProcessPriorityBoost failed.$NtQueryInformationProcess( IoPriority ) failed.$NtQueryInformationProcess( MemoryPriority ) failed.$NtQueryInformationProcess( PowerThrottling ) failed.
                                                                                                                                                                                                                  • API String ID: 1022449687-538589305
                                                                                                                                                                                                                  • Opcode ID: 878f0a94c358e18a0d78ce33d94e60cae4630d2d591d52008b3403b98178adbb
                                                                                                                                                                                                                  • Instruction ID: eab82503694931f87bca12885acb3dc7792d04d9484b19868cd73faa5f27f913
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 878f0a94c358e18a0d78ce33d94e60cae4630d2d591d52008b3403b98178adbb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B12A170D01649DBEF12CFA8C945BEDFBB0BF51304F258258E404AF296EBB49A49CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • InternetCheckConnectionW.WININET(https://veryfast.io/,00000001,00000000), ref: 0037F460
                                                                                                                                                                                                                  • InternetCheckConnectionW.WININET(https://veryfast.io/,00000001,00000000), ref: 0037F4B4
                                                                                                                                                                                                                  • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 0037F674
                                                                                                                                                                                                                  • RegSetKeyValueW.ADVAPI32(?,003FBC8C,SettingV1,00000001,?,?,?,00410548), ref: 0037F6AE
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,00410548), ref: 0037F6C5
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CheckConnectionInternet$CloseCreateHandleValue
                                                                                                                                                                                                                  • String ID: SettingV1$https://veryfast.io/
                                                                                                                                                                                                                  • API String ID: 2665258096-3191702569
                                                                                                                                                                                                                  • Opcode ID: 1ad4269c710e09e436155374ebcbba240cee992bf99c424e9dec157b621ae43f
                                                                                                                                                                                                                  • Instruction ID: 0207482ebb9c8e260867c05e4ba7e453af114896b844fc197822bd3fbb9ca337
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ad4269c710e09e436155374ebcbba240cee992bf99c424e9dec157b621ae43f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46A1C471D002489FDB16DBA8C855BEEB7B9FF05310F148269F415EB292EB74A944CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(gdi32.dll,?,?,00380CFE,?,00000005), ref: 00380BAF
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetDeviceGammaRamp), ref: 00380BC1
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,SetDeviceGammaRamp), ref: 00380BD1
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000005), ref: 00380BEA
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressLibraryProc$FreeLoad
                                                                                                                                                                                                                  • String ID: GetDeviceGammaRamp$SetDeviceGammaRamp$gdi32.dll
                                                                                                                                                                                                                  • API String ID: 2256533930-872364236
                                                                                                                                                                                                                  • Opcode ID: c55cbc482fee47b15d539fbe8403b3fe396437b2bef205abc1d50bc532eb838d
                                                                                                                                                                                                                  • Instruction ID: 859358481d4b1c36a3bf3cc0a88dc6582adfc53428dd5b87f616476523b12479
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c55cbc482fee47b15d539fbe8403b3fe396437b2bef205abc1d50bc532eb838d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DF037B4640307EFDB0B6FAAD888925F7A8FF14309750C43AE511C2212DB74D864CF20
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,6CA27FDA,?,?), ref: 0039E38A
                                                                                                                                                                                                                  • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 0039E3A8
                                                                                                                                                                                                                  • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 0039E3CF
                                                                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,6CA27FDA,?,?), ref: 0039E433
                                                                                                                                                                                                                  • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 0039E451
                                                                                                                                                                                                                  • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 0039E479
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 0039E609
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ProcessTime$FileOpenSystemTimes$CloseHandle
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4159735832-0
                                                                                                                                                                                                                  • Opcode ID: 4fe5ab7fc54183b98a3aa2d205a21f79be3b354e9c46e7886ff4ab080f36ce31
                                                                                                                                                                                                                  • Instruction ID: dfa005972b99bfd36a796bb9e7c2c72e54ee80545f28c24d5f2b93e523a79568
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4fe5ab7fc54183b98a3aa2d205a21f79be3b354e9c46e7886ff4ab080f36ce31
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5CA1A071E10A19DBCB06DFB8C945AAEF7B5FF58310F11832AE505A7250EB30B851CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 003DA2C0: GetLastError.KERNEL32(?,00000000,003D2C70,004091C0,00000008,00000003,003CA182,?,003CA0F1,00000004,?,003CA300), ref: 003DA2C4
                                                                                                                                                                                                                    • Part of subcall function 003DA2C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,?,?,?,00000000,?,?,?,003D80B6,00409328,0000000C,003D8374), ref: 003DA366
                                                                                                                                                                                                                  • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 003E28B5
                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 003E28F3
                                                                                                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 003E2906
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 003E294E
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 003E2969
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                  • String ID: <e?
                                                                                                                                                                                                                  • API String ID: 415426439-2094823225
                                                                                                                                                                                                                  • Opcode ID: 9e070c927db38c12608a8d2f2d9673174d9a215df1ad71895ca093e23411c06d
                                                                                                                                                                                                                  • Instruction ID: 1cd5c02f51106fc9d7cf3aaabf12f4436810a27b31f1cbbaf8808da419389158
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e070c927db38c12608a8d2f2d9673174d9a215df1ad71895ca093e23411c06d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7515072A00266AFDB16DFA6DC41ABFB7BCBF04700F194669B900EB1D1DB709944CB61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000079), ref: 00385876
                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000012), ref: 00385883
                                                                                                                                                                                                                  • GetTickCount64.KERNEL32 ref: 003858BC
                                                                                                                                                                                                                  • GetTickCount64.KERNEL32 ref: 00385913
                                                                                                                                                                                                                  • GetTickCount64.KERNEL32 ref: 00385940
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • invalid unordered_map<K, T> key, xrefs: 00385965
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Count64Tick$AsyncState
                                                                                                                                                                                                                  • String ID: invalid unordered_map<K, T> key
                                                                                                                                                                                                                  • API String ID: 381133608-353222475
                                                                                                                                                                                                                  • Opcode ID: 99e86c0489915f80ad2b4acf295f4bec9df9a8afd675a7e6a958f5842b644ffe
                                                                                                                                                                                                                  • Instruction ID: 6d9c16ffaabc95620c4bf115658bde6e677542c59464fb2e9ac45c20c79d1258
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99e86c0489915f80ad2b4acf295f4bec9df9a8afd675a7e6a958f5842b644ffe
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B31B3765053059BC711EF54D9819ABBBECFF88310F4006AEF985D7251EB30E958CBA2
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,003E28E3,00000002,00000000,?,?,?,003E28E3,?,00000000), ref: 003E266A
                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,003E28E3,00000002,00000000,?,?,?,003E28E3,?,00000000), ref: 003E2693
                                                                                                                                                                                                                  • GetACP.KERNEL32(?,?,003E28E3,?,00000000), ref: 003E26A8
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                                                                                                  • Opcode ID: d4cd5e627b94382bfea77d0c9fd93a66f122942336b3c1b715a29d7086e5d35e
                                                                                                                                                                                                                  • Instruction ID: 99c89f7a130826bf1375605b4282efcd02f12c410978b7ee02a10ea53977e734
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4cd5e627b94382bfea77d0c9fd93a66f122942336b3c1b715a29d7086e5d35e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4621F5727001A1AADB378F26C904BA773AEBB54B54B578724E909D7180FBB2DE00C350
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000200,00000000,?,6CA27FDA,?,?), ref: 00390F33
                                                                                                                                                                                                                  • NtSetInformationProcess.NTDLL(?,0000004D,00390E9A,0000000C), ref: 00390FBB
                                                                                                                                                                                                                  • GetTickCount64.KERNEL32 ref: 00390FC5
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Process$Count64InformationOpenTick
                                                                                                                                                                                                                  • String ID: |&?
                                                                                                                                                                                                                  • API String ID: 2384070097-3608340031
                                                                                                                                                                                                                  • Opcode ID: 3112079122312bc3fa68d193fb16bae18ebbf5f7aacb51547dd5dfe0e7f74449
                                                                                                                                                                                                                  • Instruction ID: 8502896a4058b73d8a5520643343604e937d7633741ae8995c37859cf5e37966
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3112079122312bc3fa68d193fb16bae18ebbf5f7aacb51547dd5dfe0e7f74449
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2413B74D0120ADFDF25CFA5C554BAEBBB8FF04310F20856AE812A7681D775AA44CF90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 003DF491
                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 003DF50C
                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 003DF52E
                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 003DF551
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1164774033-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 003C5C20
                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 003C5CEC
                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 003C5D0C
                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 003C5D16
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 254469556-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000200,00000000,?,6CA27FDA), ref: 00385642
                                                                                                                                                                                                                  • NtSetInformationProcess.NTDLL(?,00000021,00989680,00000004), ref: 003856BB
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Process$InformationOpen
                                                                                                                                                                                                                  • String ID: |&?
                                                                                                                                                                                                                  • API String ID: 2499121057-3608340031
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadResource.KERNEL32(00000000,00000000,00000001,00000000,?,?,0036351C,?,?,00000000,00000000,?,?,?), ref: 0036346C
                                                                                                                                                                                                                  • LockResource.KERNEL32(00000000,?,?,0036351C,?,?,00000000,00000000,?,?,?,?,?,0036296A,?,?), ref: 00363477
                                                                                                                                                                                                                  • SizeofResource.KERNEL32(00000000,00000000,?,?,0036351C,?,?,00000000,00000000,?,?,?,?,?,0036296A), ref: 00363485
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Resource$LoadLockSizeof
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2853612939-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,003DD227,00000000,00000000,00000000), ref: 003DD0E6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InformationTimeZone
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 565725191-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(003A3AAC,DisplayVersion,00000000,00000001,01171AF0,00000000,2.338,00000005,6CA27FDA,?), ref: 003A3D24
                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(003A3AAC,?,00000000,00000001,?,00000000,3F800000,00000010), ref: 003A3FDB
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                  • String ID: 2.338$DisplayVersion$LostVersion$cpu_name$dsk_iosec$dsk_mbsec$gpu_name$gpu_ram$os_architecture$os_installdate$os_mem$os_name$os_virtmem$pc_vendor$pc_version
                                                                                                                                                                                                                  • API String ID: 3702945584-2557194662
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 003936C6
                                                                                                                                                                                                                    • Part of subcall function 0039ED90: __Mtx_unlock.LIBCPMT ref: 0039EE09
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 00393756
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 00393783
                                                                                                                                                                                                                    • Part of subcall function 0039ED90: std::_Throw_Cpp_error.LIBCPMT ref: 0039EE1D
                                                                                                                                                                                                                    • Part of subcall function 0039ED90: std::_Throw_Cpp_error.LIBCPMT ref: 0039EE28
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 003937FC
                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,?,000000FF), ref: 0039381F
                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00393848
                                                                                                                                                                                                                  • __Xtime_get_ticks.LIBCPMT ref: 00393872
                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00393880
                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,?,00002710,00000000), ref: 003938B4
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0039390E
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393919
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393920
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0039392E
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393935
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393940
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • __fasttest__, xrefs: 0039382B
                                                                                                                                                                                                                  • { "fast":{ "fast_tutorial_benchmark_done":%lld } }, xrefs: 0039388D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$Mtx_unlock$FileMessagePostTextUnothrow_t@std@@@WindowWriteXtime_get_ticks__ehfuncinfo$??2@
                                                                                                                                                                                                                  • String ID: __fasttest__${ "fast":{ "fast_tutorial_benchmark_done":%lld } }
                                                                                                                                                                                                                  • API String ID: 2821475390-3036676175
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003BB06C
                                                                                                                                                                                                                  • ctype.LIBCPMT ref: 003BB0B3
                                                                                                                                                                                                                    • Part of subcall function 003BA8AA: __Getctype.LIBCPMT ref: 003BA8B9
                                                                                                                                                                                                                    • Part of subcall function 003B68D0: __EH_prolog3.LIBCMT ref: 003B68D7
                                                                                                                                                                                                                    • Part of subcall function 003B68D0: std::_Lockit::_Lockit.LIBCPMT ref: 003B68E1
                                                                                                                                                                                                                    • Part of subcall function 003B68D0: int.LIBCPMT ref: 003B68F8
                                                                                                                                                                                                                    • Part of subcall function 003B69FA: __EH_prolog3.LIBCMT ref: 003B6A01
                                                                                                                                                                                                                    • Part of subcall function 003B69FA: std::_Lockit::_Lockit.LIBCPMT ref: 003B6A0B
                                                                                                                                                                                                                    • Part of subcall function 003B69FA: int.LIBCPMT ref: 003B6A22
                                                                                                                                                                                                                    • Part of subcall function 003B6BB9: __EH_prolog3.LIBCMT ref: 003B6BC0
                                                                                                                                                                                                                    • Part of subcall function 003B6BB9: std::_Lockit::_Lockit.LIBCPMT ref: 003B6BCA
                                                                                                                                                                                                                    • Part of subcall function 003B6BB9: int.LIBCPMT ref: 003B6BE1
                                                                                                                                                                                                                    • Part of subcall function 003B6BB9: std::_Lockit::~_Lockit.LIBCPMT ref: 003B6C3B
                                                                                                                                                                                                                    • Part of subcall function 003B6B24: __EH_prolog3.LIBCMT ref: 003B6B2B
                                                                                                                                                                                                                    • Part of subcall function 003B6B24: std::_Lockit::_Lockit.LIBCPMT ref: 003B6B35
                                                                                                                                                                                                                    • Part of subcall function 003B6B24: int.LIBCPMT ref: 003B6B4C
                                                                                                                                                                                                                    • Part of subcall function 003B194B: __EH_prolog3.LIBCMT ref: 003B1952
                                                                                                                                                                                                                    • Part of subcall function 003B194B: std::_Lockit::_Lockit.LIBCPMT ref: 003B195C
                                                                                                                                                                                                                    • Part of subcall function 003B194B: std::_Lockit::~_Lockit.LIBCPMT ref: 003B1A03
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB269
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB2C3
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB306
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB349
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB3B5
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB43A
                                                                                                                                                                                                                  • numpunct.LIBCPMT ref: 003BB461
                                                                                                                                                                                                                    • Part of subcall function 003B7355: __EH_prolog3.LIBCMT ref: 003B735C
                                                                                                                                                                                                                    • Part of subcall function 003B6FCC: __EH_prolog3.LIBCMT ref: 003B6FD3
                                                                                                                                                                                                                    • Part of subcall function 003B6FCC: std::_Lockit::_Lockit.LIBCPMT ref: 003B6FDD
                                                                                                                                                                                                                    • Part of subcall function 003B6FCC: int.LIBCPMT ref: 003B6FF4
                                                                                                                                                                                                                    • Part of subcall function 003B6FCC: std::_Lockit::~_Lockit.LIBCPMT ref: 003B704E
                                                                                                                                                                                                                    • Part of subcall function 003B70F6: __EH_prolog3.LIBCMT ref: 003B70FD
                                                                                                                                                                                                                    • Part of subcall function 003B70F6: std::_Lockit::_Lockit.LIBCPMT ref: 003B7107
                                                                                                                                                                                                                    • Part of subcall function 003B70F6: int.LIBCPMT ref: 003B711E
                                                                                                                                                                                                                    • Part of subcall function 003B70F6: std::_Lockit::~_Lockit.LIBCPMT ref: 003B7178
                                                                                                                                                                                                                    • Part of subcall function 003B194B: Concurrency::cancel_current_task.LIBCPMT ref: 003B1A0E
                                                                                                                                                                                                                    • Part of subcall function 003B194B: __EH_prolog3.LIBCMT ref: 003B1A1B
                                                                                                                                                                                                                    • Part of subcall function 003B6552: __EH_prolog3.LIBCMT ref: 003B6559
                                                                                                                                                                                                                    • Part of subcall function 003B6552: std::_Lockit::_Lockit.LIBCPMT ref: 003B6563
                                                                                                                                                                                                                    • Part of subcall function 003B6552: int.LIBCPMT ref: 003B657A
                                                                                                                                                                                                                    • Part of subcall function 003B6552: std::_Lockit::~_Lockit.LIBCPMT ref: 003B65D4
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB48A
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB088
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB0F2
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB138
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB17B
                                                                                                                                                                                                                  • collate.LIBCPMT ref: 003BB1E7
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB201
                                                                                                                                                                                                                  • __Getcoll.LIBCPMT ref: 003BB227
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB4F2
                                                                                                                                                                                                                  • codecvt.LIBCPMT ref: 003BB512
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$H_prolog3$Lockit::_$Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypecodecvtcollatectypenumpunct
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3571528127-0
                                                                                                                                                                                                                  • Opcode ID: 0e612048b5e62f46cd867cf479a2215f8a77878a946a5209e9b275a3eb0cd058
                                                                                                                                                                                                                  • Instruction ID: e2f7ecc686b875744e58ef7e942b7df4d728e00a35c90ac869a45fd0a4895024
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e612048b5e62f46cd867cf479a2215f8a77878a946a5209e9b275a3eb0cd058
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9E1D571800615EBDB23AF658C12AFFBAB4EF41368F10442DFA559FA92DF718D009791
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00394365
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000), ref: 00394433
                                                                                                                                                                                                                  • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000), ref: 0039444A
                                                                                                                                                                                                                  • VerQueryValueW.VERSION(00000000,003FBDAC,?,?), ref: 0039446A
                                                                                                                                                                                                                  • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?), ref: 00394480
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 003944A4
                                                                                                                                                                                                                  • VerQueryValueW.VERSION(00000000,?,?,?), ref: 003944C3
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00394503
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00394696
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                    • Part of subcall function 00362940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,6CA27FDA,?,?,?,00000000,003E8670,000000FF,?,80004005), ref: 0036297A
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 00394548
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 003945F8
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00394678
                                                                                                                                                                                                                    • Part of subcall function 003635D0: HeapAlloc.KERNEL32(?,00000000,?,?,?,0040975C,?,?,0036108B,80004005,6CA27FDA,?,003EA44F,000000FF), ref: 003635FB
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: QueryValue$AllocCpp_errorFileGlobalHeapInfoMtx_unlockThrow_Versionstd::_$FindFreeProcessResourceSizewsprintf
                                                                                                                                                                                                                  • String ID: ProductName$\StringFileInfo\%04x%04x\%s$\VarFileInfo\Translation$windows\system32\svchost.exe
                                                                                                                                                                                                                  • API String ID: 997533036-3412287681
                                                                                                                                                                                                                  • Opcode ID: f519118614257eb8b2ebe622fa4303a2f4261121e61e549afc424254072cf513
                                                                                                                                                                                                                  • Instruction ID: eb9a8a6b31d2dec62f408e1190ef2432823b5d35f585a5e061236728a0d8cc8d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f519118614257eb8b2ebe622fa4303a2f4261121e61e549afc424254072cf513
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6A1F5715006199FDB16DF68CC45FAAB3A8EF15324F1582A9F915DB292EB30DE02CF90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003BB548
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB745
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB79F
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB7E2
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB825
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB891
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB916
                                                                                                                                                                                                                    • Part of subcall function 0038FA50: __Getctype.LIBCPMT ref: 0038FA5D
                                                                                                                                                                                                                    • Part of subcall function 003B6965: __EH_prolog3.LIBCMT ref: 003B696C
                                                                                                                                                                                                                    • Part of subcall function 003B6965: std::_Lockit::_Lockit.LIBCPMT ref: 003B6976
                                                                                                                                                                                                                    • Part of subcall function 003B6965: int.LIBCPMT ref: 003B698D
                                                                                                                                                                                                                    • Part of subcall function 003B6A8F: __EH_prolog3.LIBCMT ref: 003B6A96
                                                                                                                                                                                                                    • Part of subcall function 003B6A8F: std::_Lockit::_Lockit.LIBCPMT ref: 003B6AA0
                                                                                                                                                                                                                    • Part of subcall function 003B6A8F: int.LIBCPMT ref: 003B6AB7
                                                                                                                                                                                                                    • Part of subcall function 003B6CE3: __EH_prolog3.LIBCMT ref: 003B6CEA
                                                                                                                                                                                                                    • Part of subcall function 003B6CE3: std::_Lockit::_Lockit.LIBCPMT ref: 003B6CF4
                                                                                                                                                                                                                    • Part of subcall function 003B6CE3: int.LIBCPMT ref: 003B6D0B
                                                                                                                                                                                                                    • Part of subcall function 003B6CE3: std::_Lockit::~_Lockit.LIBCPMT ref: 003B6D65
                                                                                                                                                                                                                    • Part of subcall function 003B6C4E: __EH_prolog3.LIBCMT ref: 003B6C55
                                                                                                                                                                                                                    • Part of subcall function 003B6C4E: std::_Lockit::_Lockit.LIBCPMT ref: 003B6C5F
                                                                                                                                                                                                                    • Part of subcall function 003B6C4E: int.LIBCPMT ref: 003B6C76
                                                                                                                                                                                                                    • Part of subcall function 003B6C4E: std::_Lockit::~_Lockit.LIBCPMT ref: 003B6CD0
                                                                                                                                                                                                                    • Part of subcall function 003B194B: __EH_prolog3.LIBCMT ref: 003B1952
                                                                                                                                                                                                                    • Part of subcall function 003B194B: std::_Lockit::_Lockit.LIBCPMT ref: 003B195C
                                                                                                                                                                                                                    • Part of subcall function 003B194B: std::_Lockit::~_Lockit.LIBCPMT ref: 003B1A03
                                                                                                                                                                                                                  • numpunct.LIBCPMT ref: 003BB93D
                                                                                                                                                                                                                    • Part of subcall function 003B7388: __EH_prolog3.LIBCMT ref: 003B738F
                                                                                                                                                                                                                    • Part of subcall function 003B7061: __EH_prolog3.LIBCMT ref: 003B7068
                                                                                                                                                                                                                    • Part of subcall function 003B7061: std::_Lockit::_Lockit.LIBCPMT ref: 003B7072
                                                                                                                                                                                                                    • Part of subcall function 003B7061: int.LIBCPMT ref: 003B7089
                                                                                                                                                                                                                    • Part of subcall function 003B7061: std::_Lockit::~_Lockit.LIBCPMT ref: 003B70E3
                                                                                                                                                                                                                    • Part of subcall function 003B718B: __EH_prolog3.LIBCMT ref: 003B7192
                                                                                                                                                                                                                    • Part of subcall function 003B718B: std::_Lockit::_Lockit.LIBCPMT ref: 003B719C
                                                                                                                                                                                                                    • Part of subcall function 003B718B: int.LIBCPMT ref: 003B71B3
                                                                                                                                                                                                                    • Part of subcall function 003B718B: std::_Lockit::~_Lockit.LIBCPMT ref: 003B720D
                                                                                                                                                                                                                    • Part of subcall function 003B194B: Concurrency::cancel_current_task.LIBCPMT ref: 003B1A0E
                                                                                                                                                                                                                    • Part of subcall function 003B194B: __EH_prolog3.LIBCMT ref: 003B1A1B
                                                                                                                                                                                                                    • Part of subcall function 003B65E7: __EH_prolog3.LIBCMT ref: 003B65EE
                                                                                                                                                                                                                    • Part of subcall function 003B65E7: std::_Lockit::_Lockit.LIBCPMT ref: 003B65F8
                                                                                                                                                                                                                    • Part of subcall function 003B65E7: int.LIBCPMT ref: 003B660F
                                                                                                                                                                                                                    • Part of subcall function 003B65E7: std::_Lockit::~_Lockit.LIBCPMT ref: 003B6669
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB966
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB564
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB5CE
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB614
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB657
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB6DD
                                                                                                                                                                                                                  • __Getcoll.LIBCPMT ref: 003BB703
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003BB9CE
                                                                                                                                                                                                                  • codecvt.LIBCPMT ref: 003BB9EE
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$H_prolog3$Lockit::_$Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypecodecvtnumpunct
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1338684613-0
                                                                                                                                                                                                                  • Opcode ID: 43dd0892a324548e45d85fc4c95028b998bfe1aa7965705c24966ae63083e402
                                                                                                                                                                                                                  • Instruction ID: cdd6045760089839e4d974a43f22eceb4cc52cce891d26660167931fc30d538e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43dd0892a324548e45d85fc4c95028b998bfe1aa7965705c24966ae63083e402
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23E1C471900305DBDB23AF648C12AFFBAB5EF41368F11442DFA55ABA91EF708D009791
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                    • Part of subcall function 00362940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,6CA27FDA,?,?,?,00000000,003E8670,000000FF,?,80004005), ref: 0036297A
                                                                                                                                                                                                                  • WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,00000000,WinHTTP 1.0,?,?,?,?,?,003EA695,000000FF,?,0037BC2C), ref: 0037CD7F
                                                                                                                                                                                                                  • WinHttpConnect.WINHTTP(00000000,?,000001BB,00000000), ref: 0037CDAE
                                                                                                                                                                                                                  • GetTickCount64.KERNEL32 ref: 0037CDF1
                                                                                                                                                                                                                  • WinHttpOpenRequest.WINHTTP(?,GET,?,00000000,00000000,00000000,00800000), ref: 0037CE35
                                                                                                                                                                                                                  • WinHttpSetTimeouts.WINHTTP(00000000,00002710,00002710,00002710,00002710), ref: 0037CE5D
                                                                                                                                                                                                                  • WinHttpCloseHandle.WINHTTP(00000000), ref: 0037CE72
                                                                                                                                                                                                                  • WinHttpCloseHandle.WINHTTP(?), ref: 0037CE77
                                                                                                                                                                                                                  • WinHttpSendRequest.WINHTTP(000000FF,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0037CF40
                                                                                                                                                                                                                  • WinHttpReceiveResponse.WINHTTP(000000FF,00000000), ref: 0037CF7A
                                                                                                                                                                                                                  • WinHttpQueryDataAvailable.WINHTTP(000000FF,?), ref: 0037CF99
                                                                                                                                                                                                                  • WinHttpReadData.WINHTTP(000000FF,00000010,00000000,00000000), ref: 0037D009
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Http$CloseDataHandleOpenRequest$AvailableConnectCount64FindHeapProcessQueryReadReceiveResourceResponseSendTickTimeouts
                                                                                                                                                                                                                  • String ID: GET$WinHTTP 1.0
                                                                                                                                                                                                                  • API String ID: 369866759-1397384856
                                                                                                                                                                                                                  • Opcode ID: cc86fdd915ca335b508c77e4c103f69e86438ee0da7d66b331bad41aefdf7cc2
                                                                                                                                                                                                                  • Instruction ID: bf67cc816199085383fc48f05c35806d0b9c74faa5d2f555b8809acedf5d0165
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc86fdd915ca335b508c77e4c103f69e86438ee0da7d66b331bad41aefdf7cc2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB025D70A016099FDB16DF68C888BADBBF4AF05324F15C169E819AB2A2DB75DD04CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                    • Part of subcall function 00362940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,6CA27FDA,?,?,?,00000000,003E8670,000000FF,?,80004005), ref: 0036297A
                                                                                                                                                                                                                  • WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,10000000,WinHTTP 1.0), ref: 0037C84F
                                                                                                                                                                                                                  • WinHttpConnect.WINHTTP(00000000,000001BB,00000000), ref: 0037C872
                                                                                                                                                                                                                  • WinHttpOpenRequest.WINHTTP(00000000,GET,?,00000000,00000000,00000000,00800000), ref: 0037C8D3
                                                                                                                                                                                                                  • WinHttpSetStatusCallback.WINHTTP(00000000,0037CCF0,00240000,00000000), ref: 0037C8F3
                                                                                                                                                                                                                  • WinHttpCloseHandle.WINHTTP(00000000), ref: 0037C909
                                                                                                                                                                                                                  • WinHttpCloseHandle.WINHTTP(?), ref: 0037C90E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Http$CloseHandleOpen$CallbackConnectFindHeapProcessRequestResourceStatus
                                                                                                                                                                                                                  • String ID: %ws?%ws$GET$WinHTTP 1.0
                                                                                                                                                                                                                  • API String ID: 2977288223-4027742023
                                                                                                                                                                                                                  • Opcode ID: 793f416fb0e6c2ca540d4812db16de72a665bccc11cc726367325d2917b00a8f
                                                                                                                                                                                                                  • Instruction ID: 6638e549dc2d3818c29e53aa9749ef42ca1a1ce119f52853b1b283b01a5600c0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 793f416fb0e6c2ca540d4812db16de72a665bccc11cc726367325d2917b00a8f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0F16D7060160A9FDB22DF68C889BAEBBF4AF05324F15C16DE9199B2A1DB74DD04CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00396414
                                                                                                                                                                                                                  • Process32FirstW.KERNEL32(00000000,0000022C), ref: 0039644D
                                                                                                                                                                                                                  • Process32NextW.KERNEL32(00000000,0000022C), ref: 00396470
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00396483
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00396572
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 003965C2
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 00396638
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 00396804
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 003968EA
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 003968F8
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 003968FF
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0039690A
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0039691B
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00396926
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$Mtx_unlock$CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 471224688-0
                                                                                                                                                                                                                  • Opcode ID: ba7140287eecca9d987f5b701942fb11df18ee95c6ca84fa54b02d0a54c13d01
                                                                                                                                                                                                                  • Instruction ID: a273291dff0c5407a3b66f92eea151d796616765059956275071fd990765974d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba7140287eecca9d987f5b701942fb11df18ee95c6ca84fa54b02d0a54c13d01
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8102E3319026199FDF22DF68CC49BAABBF4EF45314F1582E9E4199B291DB30AE44CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WinHttpConnect.WINHTTP(?,?,000001BB,00000000,6CA27FDA,00000000,00000010,?,00000000,00000010,?,?,?,?,?,003EA695), ref: 0037D2B2
                                                                                                                                                                                                                  • GetTickCount64.KERNEL32 ref: 0037D2F3
                                                                                                                                                                                                                  • WinHttpOpenRequest.WINHTTP(?,GET,?,00000000,00000000,00000000,00800000), ref: 0037D334
                                                                                                                                                                                                                  • WinHttpSetTimeouts.WINHTTP(00000000,00002710,00002710,00002710,00002710), ref: 0037D355
                                                                                                                                                                                                                  • WinHttpCloseHandle.WINHTTP(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 0037D366
                                                                                                                                                                                                                  • WinHttpCloseHandle.WINHTTP(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 0037D36B
                                                                                                                                                                                                                  • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0037D3D8
                                                                                                                                                                                                                  • WinHttpReceiveResponse.WINHTTP(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 0037D3E7
                                                                                                                                                                                                                  • WinHttpCloseHandle.WINHTTP(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 0037D3F0
                                                                                                                                                                                                                  • WinHttpCloseHandle.WINHTTP(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 0037D3F5
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Http$CloseHandle$Request$ConnectCount64HeapOpenProcessReceiveResponseSendTickTimeouts
                                                                                                                                                                                                                  • String ID: GET
                                                                                                                                                                                                                  • API String ID: 3667219687-1805413626
                                                                                                                                                                                                                  • Opcode ID: 318921218e1ea3be92e9beb8c228d2b1d5229eb8ec0cf8b00729e231c28c6e29
                                                                                                                                                                                                                  • Instruction ID: a291e290c9dffac07c369de0b5a694d8368784c41d15c90ae8d12c655fd7d851
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 318921218e1ea3be92e9beb8c228d2b1d5229eb8ec0cf8b00729e231c28c6e29
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26519375600609AFD7129F69CC85E6ABBB8FF44720F15822AF918E72A1DB75EC10CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003C2B08
                                                                                                                                                                                                                  • collate.LIBCPMT ref: 003C2B14
                                                                                                                                                                                                                    • Part of subcall function 003C17EC: __EH_prolog3_GS.LIBCMT ref: 003C17F3
                                                                                                                                                                                                                    • Part of subcall function 003C17EC: __Getcoll.LIBCPMT ref: 003C1857
                                                                                                                                                                                                                  • __Getcoll.LIBCPMT ref: 003C2B57
                                                                                                                                                                                                                    • Part of subcall function 003C1650: __EH_prolog3.LIBCMT ref: 003C1657
                                                                                                                                                                                                                    • Part of subcall function 003C1650: std::_Lockit::_Lockit.LIBCPMT ref: 003C1661
                                                                                                                                                                                                                    • Part of subcall function 003C1650: int.LIBCPMT ref: 003C1678
                                                                                                                                                                                                                    • Part of subcall function 003C1650: std::_Lockit::~_Lockit.LIBCPMT ref: 003C16D2
                                                                                                                                                                                                                    • Part of subcall function 003B194B: __EH_prolog3.LIBCMT ref: 003B1952
                                                                                                                                                                                                                    • Part of subcall function 003B194B: std::_Lockit::_Lockit.LIBCPMT ref: 003B195C
                                                                                                                                                                                                                    • Part of subcall function 003B194B: std::_Lockit::~_Lockit.LIBCPMT ref: 003B1A03
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C2B31
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C2B95
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C2BEB
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C2C30
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C2C73
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C2CDF
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C2D60
                                                                                                                                                                                                                  • numpunct.LIBCPMT ref: 003C2D87
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C2DAF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$H_prolog3Lockit::_Lockit::~_$Getcoll$H_prolog3_collatenumpunct
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 613342304-0
                                                                                                                                                                                                                  • Opcode ID: 891b3a3f7a234c3c0f62bc42f6fceb1fcf56237c7be68a5ea63918400160f7c2
                                                                                                                                                                                                                  • Instruction ID: 59dc91896d65bbcdf0ad19af5568197d6ebae8a2f1f0265c43f16df73a3ed5ce
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 891b3a3f7a234c3c0f62bc42f6fceb1fcf56237c7be68a5ea63918400160f7c2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3591E871C00715DADB23AB758815F7F7AB8EF91760F10842DF95AEB682EB708D0057A1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00000101,?,6CA27FDA,?,00000000), ref: 003AD765
                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(00000000,MachineGuid,00000000,?,00000000,?,?,00000000), ref: 003AD78F
                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(00000000,MachineGuid,00000000,00000000,00000000,?), ref: 003AD7CA
                                                                                                                                                                                                                    • Part of subcall function 003635D0: HeapAlloc.KERNEL32(?,00000000,?,?,?,0040975C,?,?,0036108B,80004005,6CA27FDA,?,003EA44F,000000FF), ref: 003635FB
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: QueryValue$AllocHeapOpen
                                                                                                                                                                                                                  • String ID: %wsX$00000000-0000-0000-0000-000000000000$03000200-0400-0500-0006-000700080009$12345678-1234-5678-90AB-CDDEEFAABBCC$FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF$MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                  • API String ID: 1471642767-2974506590
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • OpenEventLogW.ADVAPI32(00000000,System), ref: 0039F960
                                                                                                                                                                                                                  • GetNumberOfEventLogRecords.ADVAPI32(00000000,00000000), ref: 0039F970
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                  • ReadEventLogW.ADVAPI32(00000000,00000005,00000000,00000000,0001FFFE,00000000,00000000), ref: 0039F9A7
                                                                                                                                                                                                                  • CloseEventLog.ADVAPI32(00000000), ref: 0039FA23
                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,00000101,?,00000000,"":-1 } } },0000000D,{ "fast":{ "eventsDaily":{ ,0000001C), ref: 0039FB0C
                                                                                                                                                                                                                    • Part of subcall function 003635D0: HeapAlloc.KERNEL32(?,00000000,?,?,?,0040975C,?,?,0036108B,80004005,6CA27FDA,?,003EA44F,000000FF), ref: 003635FB
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Event$Heap$AllocCloseFileNumberOpenProcessReadRecordsWrite
                                                                                                                                                                                                                  • String ID: "":-1 } } }$"%s":%d,$%0.2d/%0.2d/%0.2d$System${ "fast":{ "eventsDaily":{
                                                                                                                                                                                                                  • API String ID: 1664757657-334134642
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegisterClassW.USER32(?), ref: 003ACD61
                                                                                                                                                                                                                  • CreateWindowExW.USER32(08000000,?,00000000,80000000,000000FF,00000001,000000FF,00000001,00000000,00000000,?,00000000), ref: 003ACD88
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 003ACDB3
                                                                                                                                                                                                                  • UpdateWindow.USER32(00000000), ref: 003ACDBA
                                                                                                                                                                                                                  • PeekMessageW.USER32(?,?,00000000,00000000,00000001), ref: 003ACDFC
                                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 003ACE0A
                                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 003ACE14
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000402,?,?), ref: 003ACE97
                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 003ACEA3
                                                                                                                                                                                                                    • Part of subcall function 00362940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,6CA27FDA,?,?,?,00000000,003E8670,000000FF,?,80004005), ref: 0036297A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageWindow$ClassCreateDispatchFindHeapPeekPostProcProcessRegisterResourceShowTranslateUpdate
                                                                                                                                                                                                                  • String ID: SYSTEM_EVT_HANDLER
                                                                                                                                                                                                                  • API String ID: 2996767847-656511211
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003A8F5D
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003A8F7F
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003A8F9F
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003A8FC9
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003A9038
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 003A9084
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 003A909E
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003A9133
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003A9140
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                  • API String ID: 3375549084-1405518554
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,0039E1E7,0039E1E9,00000000,00000000,6CA27FDA,?,00000000,?,003C8B80,00408FE8,000000FE,?,0039E1E7,?), ref: 003C4CB9
                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 003C4CDE
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,0039E1E7,?,00000000,00000000,?,003C8B80,00408FE8,000000FE,?,0039E1E7), ref: 003C4D34
                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 003C4D3F
                                                                                                                                                                                                                  • _com_issue_error.COMSUPP ref: 003C4D68
                                                                                                                                                                                                                  • _com_issue_error.COMSUPP ref: 003C4D72
                                                                                                                                                                                                                  • GetLastError.KERNEL32(80070057,6CA27FDA,?,00000000,?,003C8B80,00408FE8,000000FE,?,0039E1E7,?), ref: 003C4D77
                                                                                                                                                                                                                  • _com_issue_error.COMSUPP ref: 003C4D8A
                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,?,003C8B80,00408FE8,000000FE,?,0039E1E7,?), ref: 003C4DA0
                                                                                                                                                                                                                  • _com_issue_error.COMSUPP ref: 003C4DB3
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString__alloca_probe_16
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3079088546-0
                                                                                                                                                                                                                  • Opcode ID: a76a2c1a3c46d9bdbd148b3cface403d497bcd9948955fad674d8a90d3833be8
                                                                                                                                                                                                                  • Instruction ID: 4cceb19ec64b39a363cd4657aaf5d890419969fd0094bbb4f2a9c445361a582d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a76a2c1a3c46d9bdbd148b3cface403d497bcd9948955fad674d8a90d3833be8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E411971A00305ABDB12AF68DC59FAEBBB8EB44710F10422EF506E7291DB359C40C7A4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 00393493
                                                                                                                                                                                                                    • Part of subcall function 0039ED90: __Mtx_unlock.LIBCPMT ref: 0039EE09
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 003934DA
                                                                                                                                                                                                                    • Part of subcall function 0039ED90: std::_Throw_Cpp_error.LIBCPMT ref: 0039EE1D
                                                                                                                                                                                                                    • Part of subcall function 0039ED90: std::_Throw_Cpp_error.LIBCPMT ref: 0039EE28
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 00393527
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 003935A4
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 003935ED
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 003935FB
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393602
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393610
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393617
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393625
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0039362C
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393637
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$Mtx_unlock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2334871359-0
                                                                                                                                                                                                                  • Opcode ID: b805a641e5cb0a8ca733cfaa6067b45ede71eb4ee9e2f6c3b1b4fde7f0c82c8b
                                                                                                                                                                                                                  • Instruction ID: 23e110c15dce54a8da180cd0a26462f5088993d6257cd6e8c6ab455668a79f21
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b805a641e5cb0a8ca733cfaa6067b45ede71eb4ee9e2f6c3b1b4fde7f0c82c8b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA4197B1900209AFDF12EF64CC42BAE77B4EF05310F050664FA259F291D735AA15CF91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetForegroundWindow.USER32(6CA27FDA,?,?), ref: 00393679
                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000,?), ref: 00393695
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 003938F9
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393907
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0039390E
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393919
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393920
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0039392E
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393935
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393940
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$Window$ForegroundProcessThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1582234585-0
                                                                                                                                                                                                                  • Opcode ID: 53672c379bd5bdd45772d3422c5eacd7abaa504b425d12eff6e519c189b83725
                                                                                                                                                                                                                  • Instruction ID: 85dfc3f9cefcfdbdd90b8645d0f1e8015f7004920363f79c08c614395771e80c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 53672c379bd5bdd45772d3422c5eacd7abaa504b425d12eff6e519c189b83725
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D21D571A0074CAFDB11AFB59D06B6B77A8EB05710F00466DFA259A2D1EA349900CF55
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003C368B
                                                                                                                                                                                                                    • Part of subcall function 003B0B9B: __EH_prolog3.LIBCMT ref: 003B0BA2
                                                                                                                                                                                                                    • Part of subcall function 003B0B9B: std::_Lockit::_Lockit.LIBCPMT ref: 003B0BAC
                                                                                                                                                                                                                    • Part of subcall function 003B0B9B: int.LIBCPMT ref: 003B0BC3
                                                                                                                                                                                                                    • Part of subcall function 003B0B9B: std::_Lockit::~_Lockit.LIBCPMT ref: 003B0C1D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                  • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                  • API String ID: 1538362411-2891247106
                                                                                                                                                                                                                  • Opcode ID: 6f7f5f2175426ac1dabc80d960fb9d99499d593434aa43c4642ce539fee306e9
                                                                                                                                                                                                                  • Instruction ID: e1f7465a82fddc6b8bef8102afb65ed59b84207dc3ca91c3a1786e8f04068dda
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f7f5f2175426ac1dabc80d960fb9d99499d593434aa43c4642ce539fee306e9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AFC17CB6500209ABCB1ADEA8C995FFE7BACEB09700F11811DFA46E6651D731DF10CB61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003BD880
                                                                                                                                                                                                                    • Part of subcall function 003B6711: __EH_prolog3.LIBCMT ref: 003B6718
                                                                                                                                                                                                                    • Part of subcall function 003B6711: std::_Lockit::_Lockit.LIBCPMT ref: 003B6722
                                                                                                                                                                                                                    • Part of subcall function 003B6711: int.LIBCPMT ref: 003B6739
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog3$LockitLockit::_std::_
                                                                                                                                                                                                                  • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                  • API String ID: 2181796688-2891247106
                                                                                                                                                                                                                  • Opcode ID: 1d04882a427d960ff79769eb59452c363ce99d6a275ed263276a5d0d69053d54
                                                                                                                                                                                                                  • Instruction ID: 52d9a2434f9c6b9f9fa5b4b812f1b5bb9f0c88c0ca84367d87b285791de3d42d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d04882a427d960ff79769eb59452c363ce99d6a275ed263276a5d0d69053d54
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60C172B650010AAFCB1ADF68C956DFF7BFCAB45308F160119FB06E6A51E670DA10DB60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003BDC70
                                                                                                                                                                                                                    • Part of subcall function 0038DE20: std::_Lockit::_Lockit.LIBCPMT ref: 0038DE4D
                                                                                                                                                                                                                    • Part of subcall function 0038DE20: std::_Lockit::_Lockit.LIBCPMT ref: 0038DE70
                                                                                                                                                                                                                    • Part of subcall function 0038DE20: std::_Lockit::~_Lockit.LIBCPMT ref: 0038DE90
                                                                                                                                                                                                                    • Part of subcall function 0038DE20: std::_Lockit::~_Lockit.LIBCPMT ref: 0038DF1D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                  • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                  • API String ID: 1383202999-2891247106
                                                                                                                                                                                                                  • Opcode ID: 19a9ffd1ffc94e334de1ee010330660730cc1afae203892af6faf1a34b94e417
                                                                                                                                                                                                                  • Instruction ID: cc8e12cc2f2729a85399188b1cdc276662e6d1c63ed340f932b9bc4a0f968e5d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19a9ffd1ffc94e334de1ee010330660730cc1afae203892af6faf1a34b94e417
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43C170B6504109AFCB1ADF68C955EFB3BACEF09308F15051AFB47E6A55E631DA00CB60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • type_info::operator==.LIBVCRUNTIME ref: 003C9207
                                                                                                                                                                                                                  • ___TypeMatch.LIBVCRUNTIME ref: 003C9315
                                                                                                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 003C9467
                                                                                                                                                                                                                  • CallUnexpected.LIBVCRUNTIME ref: 003C9482
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                  • String ID: csm$csm$csm$|&?
                                                                                                                                                                                                                  • API String ID: 2751267872-4180897357
                                                                                                                                                                                                                  • Opcode ID: 559cb4475f3de319771126bdf184985f441b076244d59f53a580d1cdb2c2b08b
                                                                                                                                                                                                                  • Instruction ID: 09ca50f30fbe24537bad4124bfa2d2a26bd2a58abbdabbbdd947f4b4701f4f31
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 559cb4475f3de319771126bdf184985f441b076244d59f53a580d1cdb2c2b08b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13B17975800209EFCF2ADFA5D889FAEB7B5BF14310B16455EE801AB252C731EE51CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003ABA7B
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 003ABACA
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 003ABC1D
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003ABCB5
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003ABCE7
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Locinfo::_Lockit$Concurrency::cancel_current_taskLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                  • String ID: bad locale name$false$true
                                                                                                                                                                                                                  • API String ID: 3204333896-1062449267
                                                                                                                                                                                                                  • Opcode ID: b4a319bdd21b99aa7ddb8ec794af2da09ab418dbd3cbea8babb47a2e4d87d862
                                                                                                                                                                                                                  • Instruction ID: 20c8d0c8cf3c07a862d2b78264c275c53741647108c1fb4d878166d8bf06c2f6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4a319bdd21b99aa7ddb8ec794af2da09ab418dbd3cbea8babb47a2e4d87d862
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 469141B1D003589BEB11DFE4C945BDEFBB8FF15304F144169E908AB282EB75AA44CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 003BA8EA
                                                                                                                                                                                                                  • _Maklocstr.LIBCPMT ref: 003BA953
                                                                                                                                                                                                                  • _Maklocstr.LIBCPMT ref: 003BA965
                                                                                                                                                                                                                  • _Maklocchr.LIBCPMT ref: 003BA97D
                                                                                                                                                                                                                  • _Maklocchr.LIBCPMT ref: 003BA98D
                                                                                                                                                                                                                  • _Getvals.LIBCPMT ref: 003BA9AF
                                                                                                                                                                                                                    • Part of subcall function 003B4F58: _Maklocchr.LIBCPMT ref: 003B4F87
                                                                                                                                                                                                                    • Part of subcall function 003B4F58: _Maklocchr.LIBCPMT ref: 003B4F9D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                  • API String ID: 3549167292-2658103896
                                                                                                                                                                                                                  • Opcode ID: e39a12f5a8ceb80cd53db1a91e3c3bf375f9ebcf6e814c174c9f2c7ba43895ad
                                                                                                                                                                                                                  • Instruction ID: a822d2a452e9cca3b14bc2051c5fcd82c4212594e9ffbf0c22123577c0d4107a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e39a12f5a8ceb80cd53db1a91e3c3bf375f9ebcf6e814c174c9f2c7ba43895ad
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E52153B2D00718AADF16EFA5D885ADE7BB8EF05710F00801AFA099F582DB749544CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 0037EE51
                                                                                                                                                                                                                    • Part of subcall function 0039ED90: __Mtx_unlock.LIBCPMT ref: 0039EE09
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 0037EEB7
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0037EED5
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0037EEE0
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0037EEE7
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0037EEF2
                                                                                                                                                                                                                  • QueryServiceStatusEx.ADVAPI32(?,00000000,?,00000024,?), ref: 0037F009
                                                                                                                                                                                                                  • StartServiceW.ADVAPI32(?,00000000,00000000), ref: 0037F02F
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0037F078
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$Mtx_unlock$Service$Concurrency::cancel_current_taskQueryStartStatus
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3126387822-0
                                                                                                                                                                                                                  • Opcode ID: dee9bd955181483f39bce17c6cb498e97d7b8e9fa5439648a58dab778d115fe5
                                                                                                                                                                                                                  • Instruction ID: a26f01ea4b2a1024dfbe6ba269339f5524c42a4825ab3714caf21576f37f11c1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dee9bd955181483f39bce17c6cb498e97d7b8e9fa5439648a58dab778d115fe5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D71C3715042459FDB22DF28C841B9BB7E8EF49350F054A7DF858DB292E735EA08CB92
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,?), ref: 00393459
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 003935ED
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 003935FB
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393602
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393610
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393617
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393625
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0039362C
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393637
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$ProcessThreadWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3332860087-0
                                                                                                                                                                                                                  • Opcode ID: c28de5e9d15f050e7d84a38f05aaf5c027faf958fd0310b0ce17428d5460b0aa
                                                                                                                                                                                                                  • Instruction ID: e1d96539a1ef0e3a394215604706ba510b5e9ed84bd6ced9c043e302e0d0418c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c28de5e9d15f050e7d84a38f05aaf5c027faf958fd0310b0ce17428d5460b0aa
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4121D77160074DAFDB119F65CD41B6AB7A8EB06710F004269FE289F6D1DB3195008F65
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32,GetLogicalProcessorInformation,6CA27FDA), ref: 00374EDD
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00374EE4
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00374EFC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                                                  • String ID: Cant get cpu info$CpuInfoError$GetLogicalProcessorInformation$kernel32
                                                                                                                                                                                                                  • API String ID: 4275029093-3855144101
                                                                                                                                                                                                                  • Opcode ID: b5871910fe84f9af53a2db14ea958052bc08a769bd8b1c525a508545145cc98e
                                                                                                                                                                                                                  • Instruction ID: 592d8a5f6b1952869567617a73cf88d35a014466ed7f7375c2f8a686d4184566
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5871910fe84f9af53a2db14ea958052bc08a769bd8b1c525a508545145cc98e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2671017190060ACBDB26CF68CC45BBEB7B4EF11315F11C229E909AB291DB789D45CBD1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 003AD190: __Mtx_unlock.LIBCPMT ref: 003AD24C
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 003AD06B
                                                                                                                                                                                                                  • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 003AD09C
                                                                                                                                                                                                                  • RegQueryValueW.ADVAPI32(?,003FBC8C,?,00000400), ref: 003AD0CB
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 003AD163
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • SOFTWARE\Classes\CLSID\{%ws}, xrefs: 003AD065
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseCreateHandleMtx_unlockQueryValuewsprintf
                                                                                                                                                                                                                  • String ID: SOFTWARE\Classes\CLSID\{%ws}
                                                                                                                                                                                                                  • API String ID: 43845800-1216538723
                                                                                                                                                                                                                  • Opcode ID: 2b90f6911b2b37563bac55d4c9c76464e6c43289bb90f5f7ee6ea101f4c1bc29
                                                                                                                                                                                                                  • Instruction ID: 7b1771134e9ecd85eacfc10d2f54098d83046899c6abba7ce350511e24967908
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b90f6911b2b37563bac55d4c9c76464e6c43289bb90f5f7ee6ea101f4c1bc29
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5941C8B0500109DFCB16DF14DD48FEAB7B8EF05314F0085A9E61AA7551DB70AE86CF54
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetCPInfo.KERNEL32(?,?), ref: 003C4939
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 003C49C7
                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 003C49F1
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003C4A39
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 003C4A53
                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 003C4A79
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003C4AB6
                                                                                                                                                                                                                  • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 003C4AD3
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$__alloca_probe_16$CompareInfoString
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3603178046-0
                                                                                                                                                                                                                  • Opcode ID: 42bf3d50e60f66939c5d2b2b0a974d53baf2811a824b6712019cdd4be564c442
                                                                                                                                                                                                                  • Instruction ID: 889dd08525bed62472d6f4f9b4075ed832f7654b4a3caffb854167d280f21418
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42bf3d50e60f66939c5d2b2b0a974d53baf2811a824b6712019cdd4be564c442
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1719C7690025AAADF228FA4DC65FEF7BBAEF45350F29001DE914E6250EB35CD40CB64
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Mtx_unlock$Cpp_errorThrow_std::_$Cnd_broadcastCnd_destroy_in_situMtx_destroy_in_situ
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1639359466-0
                                                                                                                                                                                                                  • Opcode ID: d1969b4282479fc16fb41a25648306b8b2f57a2188ed157b7b32a583ff09db79
                                                                                                                                                                                                                  • Instruction ID: 04971a9fe4875c2489cccfd8f8220ed6ae5b1cb14eab851ce102b80f3dc7018f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1969b4282479fc16fb41a25648306b8b2f57a2188ed157b7b32a583ff09db79
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B061D4B0A007059BDB26DF64C545BAAB7E4FF01320F15C72AE8299B691D739E904CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 003C466C
                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 003C4698
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 003C46D7
                                                                                                                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003C46F4
                                                                                                                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 003C4733
                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 003C4750
                                                                                                                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003C4792
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 003C47B5
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2040435927-0
                                                                                                                                                                                                                  • Opcode ID: 310f134988cedc93227afb3b5b2f81a6de25cf16026f076bc6d161882bfb1f32
                                                                                                                                                                                                                  • Instruction ID: 5778d9202413824226b719e533bc1a20c255e26015031d64218e1d48e5123008
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 310f134988cedc93227afb3b5b2f81a6de25cf16026f076bc6d161882bfb1f32
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8951BF7290020AABEB225F64CC55FAF7BA9EB42750F114529FD24DA554D7349D20CB60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$Mtx_unlock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2334871359-0
                                                                                                                                                                                                                  • Opcode ID: 209e6b10e5643b97cb59a782f0450f5eff30e7c85c2ce15fd9ef9ace612d8d5f
                                                                                                                                                                                                                  • Instruction ID: 671f0ee87e209f2b2ab05a5c1ef24b723a5a96f2d8d630aa41a3617038856587
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 209e6b10e5643b97cb59a782f0450f5eff30e7c85c2ce15fd9ef9ace612d8d5f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F419EB1A00201EFDB12DF69C981B99F3A5FF05310F158268E9699B392E731ED54CF92
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _strrchr
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3213747228-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 0037EB13
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                    • Part of subcall function 00362940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,6CA27FDA,?,?,?,00000000,003E8670,000000FF,?,80004005), ref: 0036297A
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0037ED71
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0037ED7C
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$FindHeapMtx_unlockProcessResource
                                                                                                                                                                                                                  • String ID: Fast!$activationStatus=%ws$activation_status_changed
                                                                                                                                                                                                                  • API String ID: 2096995265-4141419543
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003979F0
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00397A43
                                                                                                                                                                                                                  • __Getcoll.LIBCPMT ref: 00397A55
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00397A74
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00397B09
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Locinfo::_Lockit$GetcollLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                  • API String ID: 1629477862-1405518554
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0038FB49
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0038FB9E
                                                                                                                                                                                                                  • __Getctype.LIBCPMT ref: 0038FBB7
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0038FC01
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0038FC9F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                  • API String ID: 1840309910-1405518554
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,?), ref: 0039E793
                                                                                                                                                                                                                  • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0039E7BE
                                                                                                                                                                                                                  • GetTickCount64.KERNEL32 ref: 0039E816
                                                                                                                                                                                                                  • GetTickCount64.KERNEL32 ref: 0039E841
                                                                                                                                                                                                                  • __aulldiv.LIBCMT ref: 0039E8EF
                                                                                                                                                                                                                  • __aulldiv.LIBCMT ref: 0039E908
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0039E922
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Count64ProcessTick__aulldiv$CloseCountersHandleOpen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2371676983-0
                                                                                                                                                                                                                  • Opcode ID: 80d6aa4e1ab5d9714905ec2084c458214cd144c3d02530580808003405e44b03
                                                                                                                                                                                                                  • Instruction ID: 57bfc58026844d96db654f13ba1465255eb160d3c48f38f144c9fbc2f490568a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80d6aa4e1ab5d9714905ec2084c458214cd144c3d02530580808003405e44b03
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C451E1756183409FCB45CF68C984B5ABBE5FF88704F09496DF9889B316DB70E808CB62
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 003C8BB7
                                                                                                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 003C8BBF
                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 003C8C48
                                                                                                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 003C8C73
                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 003C8CC8
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                  • Opcode ID: 350384597eec935b871297e604d3d3e102fb7ffb3b6012db33042642bdec13c1
                                                                                                                                                                                                                  • Instruction ID: e41713920ce666bc88669bd01f42e1c3fec08cb4bfbfe4170f5b8ccd28a49527
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 350384597eec935b871297e604d3d3e102fb7ffb3b6012db33042642bdec13c1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F441B334A01209DBCF12EF69C885F9EBBA5EF44314F15C159E915EB392DB319E41CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,?), ref: 0039E653
                                                                                                                                                                                                                  • GetProcessMemoryInfo.PSAPI(00000000,?,0000002C), ref: 0039E66B
                                                                                                                                                                                                                  • GetTickCount64.KERNEL32 ref: 0039E690
                                                                                                                                                                                                                  • GetTickCount64.KERNEL32 ref: 0039E6BB
                                                                                                                                                                                                                  • __aulldiv.LIBCMT ref: 0039E733
                                                                                                                                                                                                                  • __aulldiv.LIBCMT ref: 0039E748
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0039E756
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Count64ProcessTick__aulldiv$CloseHandleInfoMemoryOpen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2237584821-0
                                                                                                                                                                                                                  • Opcode ID: c604acecd923e78c65cd7fa8cb4877bcc48b7ce0cb8278153c2645af1e77e423
                                                                                                                                                                                                                  • Instruction ID: a1bf937f7faf4a386ba0d4662e43fb89069bb4a9f7737f770f4a65717181e278
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c604acecd923e78c65cd7fa8cb4877bcc48b7ce0cb8278153c2645af1e77e423
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A31E375614702AFD719CF39C885B5AFBE4BB88314F008A29E56CC3251EB31E814CB92
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6559
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6563
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B657A
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • codecvt.LIBCPMT ref: 003B659D
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B65B4
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B65D4
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B65E1
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2133458128-0
                                                                                                                                                                                                                  • Opcode ID: c0884460fdcb2510cef935df805bb186edb3d1bf4db4fd2849933454895dd122
                                                                                                                                                                                                                  • Instruction ID: 1e5fbafde2d2e4c8bc8fc25797489df2212d0a2b44690f48762d72992968ea51
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0884460fdcb2510cef935df805bb186edb3d1bf4db4fd2849933454895dd122
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E701AD319002199FCB27EBA4C942ABE7774EF95720F15012AE901AB6D2CF78DE05CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B65EE
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B65F8
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B660F
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • codecvt.LIBCPMT ref: 003B6632
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B6649
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6669
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B6676
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2133458128-0
                                                                                                                                                                                                                  • Opcode ID: 68ea0c1633dcec2bd856b8d84958f5899e47926a28cd6903aa8533778d3b84e4
                                                                                                                                                                                                                  • Instruction ID: 5a194583919fb66a7f97229565726acc2917056c3d8e2bfa0166b0b98e07eaeb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 68ea0c1633dcec2bd856b8d84958f5899e47926a28cd6903aa8533778d3b84e4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 520100319002149FCB03FBA4D942ABEB774EF90320F240129E801AF3D2CF789E018B90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6683
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B668D
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B66A4
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • collate.LIBCPMT ref: 003B66C7
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B66DE
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B66FE
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B670B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1767075461-0
                                                                                                                                                                                                                  • Opcode ID: 2a6cb2a74e7920cbaa089144f8d8ac029c95df0421a57906e3178d0aefe67dad
                                                                                                                                                                                                                  • Instruction ID: f72f60a7b25136f1bd382ad37a920c1c4a2314db522ee963dbb529715e6654a4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a6cb2a74e7920cbaa089144f8d8ac029c95df0421a57906e3178d0aefe67dad
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A901C0359006199FCB07FBA4C946AAE7779AF90710F250529E411AF6E2CF789E06CF90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B0B0D
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B0B17
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B0B2E
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • codecvt.LIBCPMT ref: 003B0B51
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B0B68
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B0B88
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B0B95
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2133458128-0
                                                                                                                                                                                                                  • Opcode ID: 63d6a0923202558447701b12d61b8608e5ebb1831e40113cbebf2a773bcd49b5
                                                                                                                                                                                                                  • Instruction ID: f44d197641cd7e0e9d9868b08e836f3c326953f4dec310e1bf4ee87a8f018702
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63d6a0923202558447701b12d61b8608e5ebb1831e40113cbebf2a773bcd49b5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8901CC359002199FCB0BFBA8C885AAEB775AF90724F250569E500AF6D2DF74DE018B80
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6BC0
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6BCA
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B6BE1
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • moneypunct.LIBCPMT ref: 003B6C04
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B6C1B
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6C3B
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B6C48
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                                                                                                  • Opcode ID: 29b0388b5d61d0b0b3d5204910473bac3c80c92da3664220170deaba1c15f008
                                                                                                                                                                                                                  • Instruction ID: baa07c43a9542ed95d7d53c6d27579c3779147920e60c09a191be96563b23317
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29b0388b5d61d0b0b3d5204910473bac3c80c92da3664220170deaba1c15f008
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F01C031901219DFCB07FBA4C8466AE7B78EF90710F154129E911AF6D2CF789E01CB81
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B0BA2
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B0BAC
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B0BC3
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • ctype.LIBCPMT ref: 003B0BE6
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B0BFD
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B0C1D
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B0C2A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2958136301-0
                                                                                                                                                                                                                  • Opcode ID: 2f306aab858e30aa3ce8ea7628d0af314a4374de68904c45b37fc2b9647cfb15
                                                                                                                                                                                                                  • Instruction ID: feb67a6313f270781003eb7a60dee64d31234a0e99ee211abb7af5f207a9492f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f306aab858e30aa3ce8ea7628d0af314a4374de68904c45b37fc2b9647cfb15
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C10100359002199FCB17FBA4C8416AE7B74AF90710F240269E414AF6D2CF349E40CB80
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6C55
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6C5F
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B6C76
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • moneypunct.LIBCPMT ref: 003B6C99
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B6CB0
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6CD0
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B6CDD
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                                                                                                  • Opcode ID: 9f1d5ced12e2ab5866c634285f74bba6f2b8a431c4faefd6a7f22011db6c353f
                                                                                                                                                                                                                  • Instruction ID: 3de4b2ceb4147bb0ed901895a2055b969eff73386a8dbea5754afd5de68a5f86
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f1d5ced12e2ab5866c634285f74bba6f2b8a431c4faefd6a7f22011db6c353f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C01C0319006199FCB07FBA4C846AAE7B74EF90714F154529E551AF7E2CF78AE05CB80
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6CEA
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6CF4
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B6D0B
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • moneypunct.LIBCPMT ref: 003B6D2E
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B6D45
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6D65
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B6D72
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                                                                                                  • Opcode ID: 4b3ebadb406a45567ec160a947d8b322b31d22e1a825c15a8a0835b44cfcb2e8
                                                                                                                                                                                                                  • Instruction ID: 68ad98cacc4a1a9a872a665761eef45363a4ac1a9891c9a2e73c88388f68a61b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b3ebadb406a45567ec160a947d8b322b31d22e1a825c15a8a0835b44cfcb2e8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2601C031A006199FCB17FBA4D846AAE7774EF91720F250529E401AF6E2CF789E01CB80
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B0D61
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B0D6B
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B0D82
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • numpunct.LIBCPMT ref: 003B0DA5
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B0DBC
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B0DDC
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B0DE9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3064348918-0
                                                                                                                                                                                                                  • Opcode ID: 7c2892b7f37fc448c4ce2d7dec19b0beb188e712c3d5a0d4ac2449dde3b2b686
                                                                                                                                                                                                                  • Instruction ID: c4cea06b35c8d6802ad0c3f2aa1af4053cdb0c936154d632591f4eff0ecf7004
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c2892b7f37fc448c4ce2d7dec19b0beb188e712c3d5a0d4ac2449dde3b2b686
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E101AD39900219AFCB1AEBA4C9416AEBB74AF90720F150129E511AB6D2CF74AE00CB80
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6F3E
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6F48
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B6F5F
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • numpunct.LIBCPMT ref: 003B6F82
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B6F99
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6FB9
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B6FC6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3064348918-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003C1244
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003C124E
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C1265
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • collate.LIBCPMT ref: 003C1288
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003C129F
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003C12BF
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003C12CC
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1767075461-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003C12D9
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003C12E3
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C12FA
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • messages.LIBCPMT ref: 003C131D
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003C1334
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003C1354
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003C1361
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 958335874-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003C1498
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003C14A2
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C14B9
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • moneypunct.LIBCPMT ref: 003C14DC
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003C14F3
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003C1513
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003C1520
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003C152D
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003C1537
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C154E
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • moneypunct.LIBCPMT ref: 003C1571
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003C1588
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003C15A8
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003C15B5
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3376033448-0
                                                                                                                                                                                                                  • Opcode ID: f1eec7f19b8b0b809327a541f5456be1339fdbc04d2922f9e0371f534e405e99
                                                                                                                                                                                                                  • Instruction ID: 6acf3cf3764d6fdb0a0f7653b4f15ed8c68c0902216fa232d17f6659fdff59e1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f1eec7f19b8b0b809327a541f5456be1339fdbc04d2922f9e0371f534e405e99
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E801AD35910215DFCB06FBA4C845BAE7775EF82720F150129E401AB392CF74AE059B81
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorMtx_unlockThrow_std::_$Cnd_broadcastCurrentThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3121442025-0
                                                                                                                                                                                                                  • Opcode ID: 7058114f2bd82c31581f27b3aebaea34ff46cd97072feddcd4c4a39c0c4de53f
                                                                                                                                                                                                                  • Instruction ID: 00ae5ecd6e11d5fe7019716fd3b4f3603f78988958065ef3ce89747137b1b578
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7058114f2bd82c31581f27b3aebaea34ff46cd97072feddcd4c4a39c0c4de53f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3D17AB0A01615CFDB22CF68C98475ABBF4FF09710F15826AE81A9B351EB39DD01CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 003D3C1A
                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003D3C36
                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 003D3C4D
                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003D3C6B
                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 003D3C82
                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003D3CA0
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1992179935-0
                                                                                                                                                                                                                  • Opcode ID: 66cefeb26549916871e4cde83a0baf066c8c59f89dfc9ba201127e90f6c9a850
                                                                                                                                                                                                                  • Instruction ID: 7a420c2e07755dcd92c58901c5a32c1751989e830882da140528d514761932d3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66cefeb26549916871e4cde83a0baf066c8c59f89dfc9ba201127e90f6c9a850
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5681F673600716ABD722AF69EC42BAA77A9AF44364F24462BF411DB381E770DE04CB51
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 003AF5DD: __EH_prolog3.LIBCMT ref: 003AF5E4
                                                                                                                                                                                                                    • Part of subcall function 003AF5DD: std::_Lockit::_Lockit.LIBCPMT ref: 003AF5EF
                                                                                                                                                                                                                    • Part of subcall function 003AF5DD: std::locale::_Setgloballocale.LIBCPMT ref: 003AF60A
                                                                                                                                                                                                                    • Part of subcall function 003AF5DD: std::_Lockit::~_Lockit.LIBCPMT ref: 003AF65D
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00396F2F
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00396F51
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00396F71
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00396FAA
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 0039713F
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0039717E
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3RegisterSetgloballocalestd::locale::_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2610399687-0
                                                                                                                                                                                                                  • Opcode ID: 94c3233a75a110b73a358fd0329865f9edbecd3b51310ceb815329749fe2b389
                                                                                                                                                                                                                  • Instruction ID: 27e361a9598802a1297f0207a1a88a7d3f2e4a13820411f37e21442122de1eca
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94c3233a75a110b73a358fd0329865f9edbecd3b51310ceb815329749fe2b389
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37815AB0C102198FDF12DFA8C98479EBBB4FF05714F248269D509AB391D775A948CFA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0039767D
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003976A0
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003976C0
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00397735
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0039774D
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00397766
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: d0e07c5c9ce1c006cb15ce01eb34401525efae951b458a822a207c3d83507a5d
                                                                                                                                                                                                                  • Instruction ID: 43d5d4528dbd662af6dbff5fc35f4739cf95710734b839f6ce353a784e297b79
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0e07c5c9ce1c006cb15ce01eb34401525efae951b458a822a207c3d83507a5d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 785116319142158FCF26DFA8D980BAEB7B9EF41320F158229E8159B3D1E730AD44CBD4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __Xtime_get_ticks.LIBCPMT ref: 0037B9BB
                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0037B9C9
                                                                                                                                                                                                                  • GetLastError.KERNEL32(sendEventSync), ref: 0037BD38
                                                                                                                                                                                                                    • Part of subcall function 003635D0: HeapAlloc.KERNEL32(?,00000000,?,?,?,0040975C,?,?,0036108B,80004005,6CA27FDA,?,003EA44F,000000FF), ref: 003635FB
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocErrorHeapLastUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@
                                                                                                                                                                                                                  • String ID: Error sending sync event!$sendEventSync
                                                                                                                                                                                                                  • API String ID: 1678419135-652745250
                                                                                                                                                                                                                  • Opcode ID: b4c70bfa6d0019c51437fa843e7630639795577514467b112a10c84e684c1218
                                                                                                                                                                                                                  • Instruction ID: 01107e02aa59001952b0daa38bfe152eea8cefc8442951fd1ac4efed36edca62
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4c70bfa6d0019c51437fa843e7630639795577514467b112a10c84e684c1218
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6E1C070901249DFDB16DFA8C855BAEFBB4EF45314F15C16DE809AB292DB349D04CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __freea$__alloca_probe_16
                                                                                                                                                                                                                  • String ID: a/p$am/pm
                                                                                                                                                                                                                  • API String ID: 3509577899-3206640213
                                                                                                                                                                                                                  • Opcode ID: 4d927333081b3181e4fc171a46bdba57fe91d8baa95a3e384bd64e0f643c1bcc
                                                                                                                                                                                                                  • Instruction ID: 813e419cd865068d44cf6b5ab01193e177e91720ecc9104e805e3f55f848461b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d927333081b3181e4fc171a46bdba57fe91d8baa95a3e384bd64e0f643c1bcc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1C11073900216CBCB278F68E8A7ABAB7B8FF45300F16415BE961AB751D3319D40DB61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003AB4DD
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003AB500
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003AB520
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003AB595
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003AB5AD
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003AB5C6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 7c8ed4366b74e7b46387dd6551cca9754a573c8be41f2f3e93416152b131fa04
                                                                                                                                                                                                                  • Instruction ID: ca0907250aa893efb2516cf53ecc44172117b2957fa5a796e4d7b26aa32aa96e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c8ed4366b74e7b46387dd6551cca9754a573c8be41f2f3e93416152b131fa04
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69319E71D00255DFCB22DF54D881AAAF7B8FF06720F158669E805AB252E730AD44CBD5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Mtx_unlock$Cpp_errorThrow_std::_$Cnd_broadcast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4207855644-0
                                                                                                                                                                                                                  • Opcode ID: 873e5498279bb3cf5ef88207da9f4020b60bacc0dd11bb72c2c7b7e30430bd04
                                                                                                                                                                                                                  • Instruction ID: b9446d7748a1acdaf957cff568f9b5caeef0789a76cc6f7548fe677d3654a23e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 873e5498279bb3cf5ef88207da9f4020b60bacc0dd11bb72c2c7b7e30430bd04
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94115972141610AFD722AB249D09A9BB798EF12368F118125EA2C4B352DB38F815CBF1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,003C8D71,003C6550,003AEAD9,6CA27FDA,?,?,?,00000000,003EE117,000000FF,?,0037A83F), ref: 003C8D88
                                                                                                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 003C8D96
                                                                                                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003C8DAF
                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?,00000000,003EE117,000000FF,?,0037A83F,?,?,?), ref: 003C8E01
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3852720340-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000402,?,?), ref: 003ACE97
                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 003ACEA3
                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000401,00000000,00000000), ref: 003ACEBC
                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 003ACEC8
                                                                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 003ACED7
                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 003ACEE3
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessagePostProcWindow$Quit
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3552470998-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B0C37
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B0C41
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B0C58
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B0C92
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B0CB2
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B0CBF
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B0CCC
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B0CD6
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B0CED
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B0D27
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B0D47
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B0D54
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6D7F
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6D89
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B6DA0
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B6DDA
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6DFA
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B6E07
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6E14
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6E1E
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B6E35
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B6E6F
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6E8F
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B6E9C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6EA9
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6EB3
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B6ECA
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B6F04
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6F24
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B6F31
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6FD3
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6FDD
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B6FF4
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B702E
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B704E
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B705B
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B7068
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B7072
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B7089
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B70C3
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B70E3
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B70F0
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B70FD
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B7107
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B711E
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B7158
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B7178
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B7185
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B7192
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B719C
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B71B3
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003B71ED
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B720D
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B721A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003C136E
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003C1378
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C138F
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003C13C9
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003C13E9
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003C13F6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003C1403
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003C140D
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C1424
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003C145E
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003C147E
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003C148B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003C15C2
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003C15CC
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C15E3
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003C161D
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003C163D
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003C164A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003C1657
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003C1661
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003C1678
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 003C16B2
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003C16D2
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003C16DF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 55977855-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393AB8
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393AC3
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393ACA
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393AD5
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393ADC
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393AEA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2134207285-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6718
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6722
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B6739
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • ctype.LIBCPMT ref: 003B675C
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6793
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3ctype
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3358926169-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B67AD
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B67B7
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B67CE
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • messages.LIBCPMT ref: 003B67F1
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6828
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3messages
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 50917705-0
                                                                                                                                                                                                                  • Opcode ID: 17ad8ec4f184628acb2b06337f2cbd47d5d14e9918a92c31adde23d42104efcd
                                                                                                                                                                                                                  • Instruction ID: 151e1ecd37b992c6ac7a105020735b5a7f630551e929424356c8a461778203f5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 17ad8ec4f184628acb2b06337f2cbd47d5d14e9918a92c31adde23d42104efcd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DF090319006199BDF07FBA4C842BAE7324AF50755F110538F510AF5D2DF38DE058B91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6842
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B684C
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B6863
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • messages.LIBCPMT ref: 003B6886
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B68BD
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3messages
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 50917705-0
                                                                                                                                                                                                                  • Opcode ID: 6b89a359f49bf0232eb90b1e6bd1f24942ff76243ac73ed40fbf6dd5564adbeb
                                                                                                                                                                                                                  • Instruction ID: 87aeec30df48ae725628f1addf501618931af6c499bc5d6ba1f51e403c25c37a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b89a359f49bf0232eb90b1e6bd1f24942ff76243ac73ed40fbf6dd5564adbeb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3CF06D319006199ACB07FBA4C842AAE7324AF60714F550628FA14AF5E2DF399A068781
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104,6CA27FDA), ref: 003A145A
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000228,000000FF,?,?,?,80004005,80004005), ref: 003A15F8
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileModuleNameObjectSingleWait
                                                                                                                                                                                                                  • String ID: Error$Error: can't change dir!$\
                                                                                                                                                                                                                  • API String ID: 2211456419-439453160
                                                                                                                                                                                                                  • Opcode ID: 4f2b8dbe67c48814e52cb2b77eadb08f2595adbe89c916a28b93d8a36a27337e
                                                                                                                                                                                                                  • Instruction ID: 18fd01ab40ac76022878c7f7bba84b22c2e6da7997d52dd4f573e9c767ebd432
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f2b8dbe67c48814e52cb2b77eadb08f2595adbe89c916a28b93d8a36a27337e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9751D87094060C9BDB12DF68CC49BEAB7B8EF56310F158299E9159B2D2EB709E44CF90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                                                                                                  • String ID: $+xv
                                                                                                                                                                                                                  • API String ID: 2204710431-1686923651
                                                                                                                                                                                                                  • Opcode ID: dbbb717231a4e89d7893bd10f495949c5c87a36adf114091a03afb7364161a72
                                                                                                                                                                                                                  • Instruction ID: d5c868602cc1981f610a8bd35e00906188ca8674e26a41e0ecd42a26bacb662e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dbbb717231a4e89d7893bd10f495949c5c87a36adf114091a03afb7364161a72
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 742181B1904F526EDB22DF7584907BBBFE8AB09704F04051EE599CBE41D774EA01CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,6CA27FDA,?,?,00000000,003E86D0,000000FF,?,003D78FE,?,?,003D78D2,?), ref: 003D7957
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 003D7969
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000000,003E86D0,000000FF,?,003D78FE,?,?,003D78D2,?), ref: 003D798B
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                  • Opcode ID: 96e831f9f7c5e9d4450dc65a0ff900a10fb7c358584201f4aa20aa6b8cc01dec
                                                                                                                                                                                                                  • Instruction ID: f39e207d03575b44d3f5a18d7fde09047690b9909e48686074e06e70b17b6f46
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 96e831f9f7c5e9d4450dc65a0ff900a10fb7c358584201f4aa20aa6b8cc01dec
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64016272A58619EBDB179F58DC05BBFBBBCFB04B15F004626E811A26D0DBB49900CA90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 003DDCD4
                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 003DDD9D
                                                                                                                                                                                                                  • __freea.LIBCMT ref: 003DDE04
                                                                                                                                                                                                                    • Part of subcall function 003DA5E5: HeapAlloc.KERNEL32(00000000,00000000,003D8374,?,003DC616,?,00000000,?,003D44D7,00000000,003D8374,00000004,?,00000000,?,003D816E), ref: 003DA617
                                                                                                                                                                                                                  • __freea.LIBCMT ref: 003DDE17
                                                                                                                                                                                                                  • __freea.LIBCMT ref: 003DDE24
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1096550386-0
                                                                                                                                                                                                                  • Opcode ID: e55aa16903b881702533eb563dde058eedb10be7f7b709c4313112ab127922e0
                                                                                                                                                                                                                  • Instruction ID: 215ad493b2bdf27ce61b49447aa280c3cb18b1aa58257b792b5b22dc60f000db
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e55aa16903b881702533eb563dde058eedb10be7f7b709c4313112ab127922e0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35518F73610206AFEB225FA5EC81EBB7BA9EF54710B16012AFD04DE351EB70DE50D660
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$Mtx_unlock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2334871359-0
                                                                                                                                                                                                                  • Opcode ID: b6b7a02db3f4e8d6d9c6ced23bfdf23d8bdd526990bb022ded20b56628adc88a
                                                                                                                                                                                                                  • Instruction ID: 4ee6e2ff8f494ea09f235271796a0acdb57d7c59632faad68196f176ff4e54eb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6b7a02db3f4e8d6d9c6ced23bfdf23d8bdd526990bb022ded20b56628adc88a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 934133B5A006158FDB21DF68C881BAAB7F0EF09314F1585A9E819AB751D731ED05CFA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B1952
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B195C
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B1A03
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003B1A0E
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B1A1B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog3Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 845066630-0
                                                                                                                                                                                                                  • Opcode ID: 68127b8a37456ce8740cdd4ed30c42fe0f81a49e1abcc5a9188ba9eacec3608e
                                                                                                                                                                                                                  • Instruction ID: 6613f764ba5e247b28c0abc2609bfe7d7eb069cffa8d4312db6d5aefce72e7ee
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 68127b8a37456ce8740cdd4ed30c42fe0f81a49e1abcc5a9188ba9eacec3608e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70316934A10615EFDB06EF68C8A1AADB775FF05710F808559E915AFAA1CB70BE40CF80
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Maklocstr$Maklocchr
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2020259771-0
                                                                                                                                                                                                                  • Opcode ID: 79e3178979ad993d73dbffa6065a571ff9a9e6c007e13ab6779c85cd28ff5ea3
                                                                                                                                                                                                                  • Instruction ID: 8565d2d5ba1e08d0b332c0dd2dd5fc5e1ed50216c8bb3841168356bed1601ae8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79e3178979ad993d73dbffa6065a571ff9a9e6c007e13ab6779c85cd28ff5ea3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9118CB1900B85BFE721EBA99C81F56B7ACBF09718F040519F344CBE41D265F85487A9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B68D7
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B68E1
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B68F8
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6952
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1383202999-0
                                                                                                                                                                                                                  • Opcode ID: 74fe1b471b0e778f12aef44d5aeb3a59e1584774db2da3858f3b95a9996c0e71
                                                                                                                                                                                                                  • Instruction ID: a44ac084ccb2b113c47d1eff1606bc9b732ed8c321bca49f946924cac6922e99
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74fe1b471b0e778f12aef44d5aeb3a59e1584774db2da3858f3b95a9996c0e71
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89F090329006199FCB17FBA0C952AAE3624AF50724F210528F624AF5D2EF399E048B90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B696C
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6976
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B698D
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B69E7
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1383202999-0
                                                                                                                                                                                                                  • Opcode ID: 82e2060719c23406844b9cc6af8e45486e577e77a5c6bf8d43e52b10a0afb072
                                                                                                                                                                                                                  • Instruction ID: fe0581327551038cc936bf50d43efa904245bb17ca6f1b82e46f1626202d4ccd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82e2060719c23406844b9cc6af8e45486e577e77a5c6bf8d43e52b10a0afb072
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CFF090319006199FCF17FBA0C842ABE3224AF50B14F510638F510AF6D2DF38DE058781
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6A01
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6A0B
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B6A22
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6A7C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1383202999-0
                                                                                                                                                                                                                  • Opcode ID: 4f8702e3f5677b612a313f1cc5819d0ce2dd5371273b800425f41d4d6bc5689a
                                                                                                                                                                                                                  • Instruction ID: 742f048a23f24fa669b7b0312e895150804e218ce021644bb07d8b2b670c9be5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f8702e3f5677b612a313f1cc5819d0ce2dd5371273b800425f41d4d6bc5689a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1F090719006199ACF07FBA4C942ABE3324AF50714F514528F620BF5D2DF389E448781
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6A96
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6AA0
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B6AB7
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6B11
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1383202999-0
                                                                                                                                                                                                                  • Opcode ID: 8082e52ede390ea268a5a948609ea321a5174aa330db838f4d349a311368f2b1
                                                                                                                                                                                                                  • Instruction ID: 9beb4f5e20de1454e083b41dc20ff64fa46652591709af9e0f603849bdf82bad
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8082e52ede390ea268a5a948609ea321a5174aa330db838f4d349a311368f2b1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10F06D319006199ACB07FBA0C942AAE7324EF50754F550568F510AF5E2DF399E058790
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003B6B2B
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003B6B35
                                                                                                                                                                                                                  • int.LIBCPMT ref: 003B6B4C
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::_Lockit.LIBCPMT ref: 00383561
                                                                                                                                                                                                                    • Part of subcall function 00383550: std::_Lockit::~_Lockit.LIBCPMT ref: 0038357B
                                                                                                                                                                                                                  • moneypunct.LIBCPMT ref: 003B6B6F
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003B6BA6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3moneypunct
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3160146232-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 00376605
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00376623
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0037662E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$Mtx_unlock
                                                                                                                                                                                                                  • String ID: list too long
                                                                                                                                                                                                                  • API String ID: 2334871359-1124181908
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 003704E1
                                                                                                                                                                                                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 003704F0
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ___std_exception_destroy
                                                                                                                                                                                                                  • String ID: at line $, column
                                                                                                                                                                                                                  • API String ID: 4194217158-191570568
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Mtx_unlock
                                                                                                                                                                                                                  • String ID: list too long
                                                                                                                                                                                                                  • API String ID: 1418687624-1124181908
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 00376A56
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00376A89
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00376A90
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$Mtx_unlock
                                                                                                                                                                                                                  • String ID: 2
                                                                                                                                                                                                                  • API String ID: 2334871359-450215437
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00372B45
                                                                                                                                                                                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00372BDF
                                                                                                                                                                                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00372C06
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ___std_exception_copy
                                                                                                                                                                                                                  • String ID: ange
                                                                                                                                                                                                                  • API String ID: 2659868963-4159947239
                                                                                                                                                                                                                  • Opcode ID: 1617898f2e3d9b0c5421c986268d7dac8cbe50c7f063901ccdb54e18b87692ba
                                                                                                                                                                                                                  • Instruction ID: 929d218ee69205110182480c49b8d591726e5485c443c179eb37c2e3d54e1cfe
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1617898f2e3d9b0c5421c986268d7dac8cbe50c7f063901ccdb54e18b87692ba
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C61C3B1D106099FCB05CF68C885AAEF7B4FF55310F14C21AE419AB741E774A994CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetPriorityClass.KERNEL32(?,?), ref: 003947A5
                                                                                                                                                                                                                  • NtQueryInformationProcess.NTDLL(?,00000027,?,00000004,?), ref: 00394934
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                    • Part of subcall function 00362940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,6CA27FDA,?,?,?,00000000,003E8670,000000FF,?,80004005), ref: 0036297A
                                                                                                                                                                                                                  • GetLastError.KERNEL32(Error), ref: 0039483D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Process$ClassErrorFindHeapInformationLastPriorityQueryResource
                                                                                                                                                                                                                  • String ID: Error$GetPriorityClass failed.
                                                                                                                                                                                                                  • API String ID: 1955618286-3043193832
                                                                                                                                                                                                                  • Opcode ID: d42c5b39d6a7f0f13c87dc3988ffc70d8e1f7b8a250afa785be91babe3c5e353
                                                                                                                                                                                                                  • Instruction ID: 62f956505aabe525435b4477dd9dcf2889cadbca8d7092088bb83eed3ab58786
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d42c5b39d6a7f0f13c87dc3988ffc70d8e1f7b8a250afa785be91babe3c5e353
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E951EF70E00249DBEB06DFA8C905BADB7B0FF51304F15825DEA05AF296EB749E44CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 00396E3E
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00396E5C
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00396E67
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$Mtx_unlock
                                                                                                                                                                                                                  • String ID: Mh9
                                                                                                                                                                                                                  • API String ID: 2334871359-1965207078
                                                                                                                                                                                                                  • Opcode ID: 6b6fe1be110241a1323c175416f7d6d3f4390f5ccb01e72b81ff83a014abd459
                                                                                                                                                                                                                  • Instruction ID: 42a240ffd8ed62c7793138c7fa11d943556aaa0b93a037bfe05682e18bbd67bb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b6fe1be110241a1323c175416f7d6d3f4390f5ccb01e72b81ff83a014abd459
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A751B475A01505AFDF1ADF24C951FEAB7A8FF05310F01826AE92ACB691DB30E905CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000200,00000000,?,6CA27FDA,?), ref: 0039EA23
                                                                                                                                                                                                                  • SetProcessPriorityBoost.KERNEL32(?,00989680,?,?,?,?,?,00000000), ref: 0039EA89
                                                                                                                                                                                                                  • GetTickCount64.KERNEL32 ref: 0039EA93
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Process$BoostCount64OpenPriorityTick
                                                                                                                                                                                                                  • String ID: |&?
                                                                                                                                                                                                                  • API String ID: 985541087-3608340031
                                                                                                                                                                                                                  • Opcode ID: d250fb979e2f57be7e8e4dca43d9f652fa57d070baa4296c1ae66119f8b73c17
                                                                                                                                                                                                                  • Instruction ID: ecb51a9ebdffbecf0850bb39c4cac1e5dd845a85cfb93a824162fb487694e170
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d250fb979e2f57be7e8e4dca43d9f652fa57d070baa4296c1ae66119f8b73c17
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9315C75901209DFCF15DFA5C554BAEBBB8FF04310F10452AE816AB6A0DB34AA44CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003BA71B
                                                                                                                                                                                                                    • Part of subcall function 003B4EC6: _Maklocstr.LIBCPMT ref: 003B4EE6
                                                                                                                                                                                                                    • Part of subcall function 003B4EC6: _Maklocstr.LIBCPMT ref: 003B4F03
                                                                                                                                                                                                                    • Part of subcall function 003B4EC6: _Maklocstr.LIBCPMT ref: 003B4F20
                                                                                                                                                                                                                    • Part of subcall function 003B4EC6: _Maklocchr.LIBCPMT ref: 003B4F32
                                                                                                                                                                                                                    • Part of subcall function 003B4EC6: _Maklocchr.LIBCPMT ref: 003B4F45
                                                                                                                                                                                                                  • _Mpunct.LIBCPMT ref: 003BA7A8
                                                                                                                                                                                                                  • _Mpunct.LIBCPMT ref: 003BA7C2
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                                                                                                                                                                                  • String ID: $+xv
                                                                                                                                                                                                                  • API String ID: 2939335142-1686923651
                                                                                                                                                                                                                  • Opcode ID: fa2097f45936c4f684e0c7e934355427b32191b2b62d912a11ae3683742d4c32
                                                                                                                                                                                                                  • Instruction ID: 3eb3b703c9fc43772d3c323028584cbebdc3ad4704f3bfd2ab22f35c60a56df6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa2097f45936c4f684e0c7e934355427b32191b2b62d912a11ae3683742d4c32
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9521A1B1904F916ED722DF758480BBBBFF8AB09704B04061AE199CBE42D730EA01CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Mpunct$H_prolog3
                                                                                                                                                                                                                  • String ID: $+xv
                                                                                                                                                                                                                  • API String ID: 4281374311-1686923651
                                                                                                                                                                                                                  • Opcode ID: 4382355dde1f016ba0119a94f352816519a399c4b33c819959d7d2d69092b4ed
                                                                                                                                                                                                                  • Instruction ID: 22bd64bbe9be17c439643d87036bc222398cc915dccfcc9150aef367b0f37cc2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4382355dde1f016ba0119a94f352816519a399c4b33c819959d7d2d69092b4ed
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 082195B5904B526ED726DF75C480B7BBFF8AB09700F04091EE459CBA41D774EA05CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • QueryServiceConfigW.ADVAPI32(?,00000000,00000000,?,6CA27FDA,?,?,?,?,003EAAC0,000000FF), ref: 00380AFE
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,003EAAC0,000000FF), ref: 00380B08
                                                                                                                                                                                                                  • QueryServiceConfigW.ADVAPI32(?,00000000,?,?,?), ref: 00380B2F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ConfigQueryService$ErrorLast
                                                                                                                                                                                                                  • String ID: '7
                                                                                                                                                                                                                  • API String ID: 1432337022-470522288
                                                                                                                                                                                                                  • Opcode ID: ddc8c5e1fa67cd8eb72391cea1b45a6c5b85680ba6530e30a22aa061bab0f47d
                                                                                                                                                                                                                  • Instruction ID: 257e6a83f80f9a56827fa1130c7d1cbf9b1ec5429cfa5f5e3e3bb7987a5f2f9f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ddc8c5e1fa67cd8eb72391cea1b45a6c5b85680ba6530e30a22aa061bab0f47d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2011E472A04715AFDB2B9F94EC41BBBB3ACFB04710F0405AAE819D7240E735E904C794
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetConsoleOutputCP.KERNEL32(6CA27FDA,00000000,00000000,?), ref: 003E543F
                                                                                                                                                                                                                    • Part of subcall function 003DD3C7: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,003DDDFA,?,00000000,-00000008), ref: 003DD428
                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 003E5691
                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 003E56D7
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 003E577A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2112829910-0
                                                                                                                                                                                                                  • Opcode ID: 01072786bc342969f59eea5c6e447bd32c0b784c458f70160bfd2f59bd6dc9b1
                                                                                                                                                                                                                  • Instruction ID: ac366e8f0029ee23367dc7d4a7204c3e4dd44eb6f82da0d9640c9bbbe34e001c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01072786bc342969f59eea5c6e447bd32c0b784c458f70160bfd2f59bd6dc9b1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CD17B75D006A8DFCB16CFA9C8809EDBBB5FF09314F24422AE556EB391D730A951CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _strcspn$H_prolog3_ctype
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 838279627-0
                                                                                                                                                                                                                  • Opcode ID: ef988ca2833916bcc6239d98b0cfe9b3c0fd30a10c4b00154e959b8c8847ce80
                                                                                                                                                                                                                  • Instruction ID: 219ba146eba22671c5998cbb48071d79d12bf4c3259ac2f186f2f50d7223cf7b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef988ca2833916bcc6239d98b0cfe9b3c0fd30a10c4b00154e959b8c8847ce80
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52C18B71D04209DFDF16DFA4C981AEEBBB9EF88304F14401AE605AB651D730AE45CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _strcspn$H_prolog3_ctype
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 838279627-0
                                                                                                                                                                                                                  • Opcode ID: 2233e23d3b86512e8523259162a5d090a1cbc8c973d9c4fc1812c3ee395f2b68
                                                                                                                                                                                                                  • Instruction ID: 5c13b44e0dca56233cc73f6404af5736557a15b58746788f6e7c62c8f3fdadca
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2233e23d3b86512e8523259162a5d090a1cbc8c973d9c4fc1812c3ee395f2b68
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74C17871D00249DFDF16DFD8C991AEEBBB9EF08304F54402AEA05AB651D730AE45CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00396ED0: std::_Lockit::_Lockit.LIBCPMT ref: 00396F2F
                                                                                                                                                                                                                    • Part of subcall function 00396ED0: std::_Lockit::_Lockit.LIBCPMT ref: 00396F51
                                                                                                                                                                                                                    • Part of subcall function 00396ED0: std::_Lockit::~_Lockit.LIBCPMT ref: 00396F71
                                                                                                                                                                                                                    • Part of subcall function 00396ED0: std::_Lockit::~_Lockit.LIBCPMT ref: 00396FAA
                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00396BA2
                                                                                                                                                                                                                  • Process32FirstW.KERNEL32(?,0000022C), ref: 00396BE4
                                                                                                                                                                                                                    • Part of subcall function 00396B50: Process32NextW.KERNEL32(?,0000022C), ref: 00396CDB
                                                                                                                                                                                                                    • Part of subcall function 00396B50: CloseHandle.KERNEL32(?), ref: 00396CEF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 955751528-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorMtx_unlockThrow_std::_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2243708590-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AdjustPointer
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1740715915-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0039D1C7
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0039D1CC
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0039D1D1
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0039D1D6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 118556049-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00396BA2
                                                                                                                                                                                                                  • Process32FirstW.KERNEL32(?,0000022C), ref: 00396BE4
                                                                                                                                                                                                                  • Process32NextW.KERNEL32(?,0000022C), ref: 00396CDB
                                                                                                                                                                                                                    • Part of subcall function 00394160: OpenProcess.KERNEL32(00000410,00000000,80004005,6CA27FDA,00000000,74DEF550,?,?,00000000,003EB98D,000000FF,?,80004005,80004005,?,?), ref: 00394190
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00396CEF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextOpenProcessSnapshotToolhelp32
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1181503618-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorMtx_unlockThrow_std::_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2243708590-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 0037C551
                                                                                                                                                                                                                    • Part of subcall function 0037D260: WinHttpConnect.WINHTTP(?,?,000001BB,00000000,6CA27FDA,00000000,00000010,?,00000000,00000010,?,?,?,?,?,003EA695), ref: 0037D2B2
                                                                                                                                                                                                                    • Part of subcall function 0037D260: GetTickCount64.KERNEL32 ref: 0037D2F3
                                                                                                                                                                                                                    • Part of subcall function 0037D260: WinHttpOpenRequest.WINHTTP(?,GET,?,00000000,00000000,00000000,00800000), ref: 0037D334
                                                                                                                                                                                                                    • Part of subcall function 0037D260: WinHttpSetTimeouts.WINHTTP(00000000,00002710,00002710,00002710,00002710), ref: 0037D355
                                                                                                                                                                                                                    • Part of subcall function 0037D260: WinHttpCloseHandle.WINHTTP(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 0037D366
                                                                                                                                                                                                                    • Part of subcall function 0037D260: WinHttpCloseHandle.WINHTTP(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 0037D36B
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 0037C5BC
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0037C623
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0037C631
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Http$CloseCpp_errorHandleMtx_unlockThrow_std::_$ConnectCount64OpenRequestTickTimeouts
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 186550968-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003838A4
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 003838EC
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00383921
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003839B6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Locinfo::_Lockit$Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1143662833-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00391A17
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00391A22
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2134207285-0
                                                                                                                                                                                                                  • Opcode ID: 0e9bfdcaa7b65edd37f6b3c26b828fcbadbab5afdb3f4818653778b2f0a18726
                                                                                                                                                                                                                  • Instruction ID: 88163bfbfe6161340e57826874a68259256720cd58900867d98fec1d2d358616
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e9bfdcaa7b65edd37f6b3c26b828fcbadbab5afdb3f4818653778b2f0a18726
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4210BB1900649ABDB11AF658D01F9BF7ECEB05710F00466AF924B7681E734A9058F61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 0039EC18
                                                                                                                                                                                                                  • __Mtx_destroy_in_situ.LIBCPMT ref: 0039EC60
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0039EC7C
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0039EC87
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$Mtx_destroy_in_situMtx_unlock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3678914369-0
                                                                                                                                                                                                                  • Opcode ID: 9a97abcbcfa804131d109428dc413d71e006c9a877b46fc09002d5560e2615f6
                                                                                                                                                                                                                  • Instruction ID: 7f7ba46239309decd5ec16cb49c8b65cb2da576ed8ab15f174030ab1b8738907
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a97abcbcfa804131d109428dc413d71e006c9a877b46fc09002d5560e2615f6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0011E2B2A002049BDF12EF15CD82F5677A8EF06710F104268F815DF392EB36EC058BA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 00391777
                                                                                                                                                                                                                  • __Mtx_destroy_in_situ.LIBCPMT ref: 0039177D
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00391801
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 0039180C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$Mtx_destroy_in_situMtx_unlock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3678914369-0
                                                                                                                                                                                                                  • Opcode ID: f89e5425fe6cb1fff70e0eddc8257702d6f6bb0748e8a68df5e08ae3366519e4
                                                                                                                                                                                                                  • Instruction ID: 7b2ae1dbeb35e684ef6cde11858b275677872c82142af03a055507e10bee1de3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f89e5425fe6cb1fff70e0eddc8257702d6f6bb0748e8a68df5e08ae3366519e4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2721D2766002028FDF19EF78D99676E73A1EF01310F154668E815DF296EB35E9108B91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: d0af98d2c73a431a5db7391e80f62bae67ff9de1c6b445726433ce72619c07df
                                                                                                                                                                                                                  • Instruction ID: 064effaadcdf7c3ddd2a0545bdfb3954eb8dd21a7d10e333c4694ac531454047
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0af98d2c73a431a5db7391e80f62bae67ff9de1c6b445726433ce72619c07df
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F218E72600A09AFDB17AF65FC4096A77AFEF01368711451AF916CB351EB30ED108B50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 003AF09C: GetModuleHandleExW.KERNEL32(00000002,00000000,?,?,?,003AF0EE,00000014,?,003AF12F,00000014,?,00379285,00000000,00000014,?,6CA27FDA), ref: 003AF0A8
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 003AF17C
                                                                                                                                                                                                                  • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,6CA27FDA,?,?,?,003E86D0,000000FF), ref: 003AF1A2
                                                                                                                                                                                                                  • __Mtx_unlock.LIBCPMT ref: 003AF1D8
                                                                                                                                                                                                                  • __Cnd_broadcast.LIBCPMT ref: 003AF1E7
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Mtx_unlock$CallbackCnd_broadcastFreeHandleLibraryModuleReturnsWhen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 420990631-0
                                                                                                                                                                                                                  • Opcode ID: d653dde6788947b5666132ea80c41a6dedd43bfc316fb90d2676d445f8ec4be7
                                                                                                                                                                                                                  • Instruction ID: ef1a1e50902ffdbacc79d2e856c73bec9d175dc26416ba4794b48706919220f0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d653dde6788947b5666132ea80c41a6dedd43bfc316fb90d2676d445f8ec4be7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18112732600611EFCB276BA4DC41A2F77A8EB52B30F11453BF815EB691DF39D800C6A4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,?,003D3FC6,00000000,00000004,00000000), ref: 003D4173
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0040BB3C,?,?,?,003A17C9,003A15E0,00000000,?), ref: 003D417F
                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 003D4186
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2744730728-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$ActiveCursorForegroundFromPoint
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4205958593-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393C90
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393C9B
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393CA2
                                                                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00393CAD
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2134207285-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 003AF5E4
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003AF5EF
                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 003AF65D
                                                                                                                                                                                                                    • Part of subcall function 003AF76F: std::locale::_Locimp::_Locimp.LIBCPMT ref: 003AF787
                                                                                                                                                                                                                  • std::locale::_Setgloballocale.LIBCPMT ref: 003AF60A
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 677527491-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,003E6B1E,00000000,00000001,00000000,?,?,003E57CE,?,00000000,00000000), ref: 003E77F1
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,003E6B1E,00000000,00000001,00000000,?,?,003E57CE,?,00000000,00000000,?,?,?,003E5D71,00000000), ref: 003E77FD
                                                                                                                                                                                                                    • Part of subcall function 003E77C3: CloseHandle.KERNEL32(FFFFFFFE,003E780D,?,003E6B1E,00000000,00000001,00000000,?,?,003E57CE,?,00000000,00000000,?,?), ref: 003E77D3
                                                                                                                                                                                                                  • ___initconout.LIBCMT ref: 003E780D
                                                                                                                                                                                                                    • Part of subcall function 003E7785: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,003E77B4,003E6B0B,?,?,003E57CE,?,00000000,00000000,?), ref: 003E7798
                                                                                                                                                                                                                  • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,003E6B1E,00000000,00000001,00000000,?,?,003E57CE,?,00000000,00000000,?), ref: 003E7822
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2744216297-0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0037090B
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ___std_exception_copy
                                                                                                                                                                                                                  • String ID: parse error$ror
                                                                                                                                                                                                                  • API String ID: 2659868963-4201802366
                                                                                                                                                                                                                  • Opcode ID: 8a5a7d7fb9dffe8f6b048547b10e679557914460daf7241c03473118a4f00d84
                                                                                                                                                                                                                  • Instruction ID: 8def4284bc78c18fa2fdff2899a00197adf7d129b6d688e7ce8d9ff70147433b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a5a7d7fb9dffe8f6b048547b10e679557914460daf7241c03473118a4f00d84
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5D1BE71910248DFEB1ACF68CC85BADBB71FF45300F14C29DE418AB692D774AA85CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __aulldiv
                                                                                                                                                                                                                  • String ID: +$-
                                                                                                                                                                                                                  • API String ID: 3732870572-2137968064
                                                                                                                                                                                                                  • Opcode ID: f15d4460fdbdfde5980bcc3a779d8cf7de189c8abcd560745487c464b82f5d43
                                                                                                                                                                                                                  • Instruction ID: 737a4c5ac8f1650996de81554af6a87e368299f1325bf94078eda69b6defc79d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f15d4460fdbdfde5980bcc3a779d8cf7de189c8abcd560745487c464b82f5d43
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4A1D232E402599ECF26CE7898607BF7BA4EF65320F15855BECA1AB381D734D9019B50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: array
                                                                                                                                                                                                                  • API String ID: 0-2701979319
                                                                                                                                                                                                                  • Opcode ID: a807c67e78899bcdaf154945979d18627651df455b72b6df3b6edf36500e63d7
                                                                                                                                                                                                                  • Instruction ID: b7d2c5843b3bd04fe0fe5cf554706bdf3cd7e40d40c8475677266d9a0941f17e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a807c67e78899bcdaf154945979d18627651df455b72b6df3b6edf36500e63d7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1B19F71E102588FDB1ACB64C894BEDBB75BF45300F14C29AE449AB745DB30AAC4CF61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: array
                                                                                                                                                                                                                  • API String ID: 0-2701979319
                                                                                                                                                                                                                  • Opcode ID: 7a93a12142f22aa517ccb2bbaaa3909ca7bf7bc35c8546a5f69708251547ca76
                                                                                                                                                                                                                  • Instruction ID: f6bfae14c3e863d40f30a87a63851aaee4273b343694390dd602439f2b7dcf49
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a93a12142f22aa517ccb2bbaaa3909ca7bf7bc35c8546a5f69708251547ca76
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3BB19175E102588FDB1ACF64C894BEDBB75BF49300F14C299E449AB746DB30AA84CF91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: array
                                                                                                                                                                                                                  • API String ID: 0-2701979319
                                                                                                                                                                                                                  • Opcode ID: df2a43309d0d74dbc3c9646b75079948025a360a0ffa422b6325ece5b7bc5258
                                                                                                                                                                                                                  • Instruction ID: 54e12c8c8fb66189e75af8560c247c8e2c082bf2cbd44f2b4fdd92c6a4ff183d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: df2a43309d0d74dbc3c9646b75079948025a360a0ffa422b6325ece5b7bc5258
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A1B1B171E112588FDB1ACF68C894BEDFBB5BF45300F14C299E449AB746DB30A984CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 0036D0A5
                                                                                                                                                                                                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 0036D0B8
                                                                                                                                                                                                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 0036DCB8
                                                                                                                                                                                                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 0036DCCB
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ___std_exception_destroy
                                                                                                                                                                                                                  • String ID: array
                                                                                                                                                                                                                  • API String ID: 4194217158-2701979319
                                                                                                                                                                                                                  • Opcode ID: 888ee2e3842da5f42538aaefd736a805698050176405e75e5cf9b89f47579fda
                                                                                                                                                                                                                  • Instruction ID: d0da36b7c062ec0c7957e11d67eb2debe18dd2b940378fe34aafe06cd6e84632
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 888ee2e3842da5f42538aaefd736a805698050176405e75e5cf9b89f47579fda
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90A11371E102588FDB1ACF68C894BEDFB71AF45300F14C299E449EB78ADB349984CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: array
                                                                                                                                                                                                                  • API String ID: 0-2701979319
                                                                                                                                                                                                                  • Opcode ID: f7574a9fab09b64ef98307a473b86b8197af7ff6ce7bc93df0bf31aeaea48ef7
                                                                                                                                                                                                                  • Instruction ID: ee7afb572028966886cb4b6a4181e31184a20fff1741632b994897e64489e464
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f7574a9fab09b64ef98307a473b86b8197af7ff6ce7bc93df0bf31aeaea48ef7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7810471E102188FDB1ACF68CC84BEDBB75AF45300F14C299E44AEB78ADB349985CB51
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 0036D0A5
                                                                                                                                                                                                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 0036D0B8
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ___std_exception_destroy
                                                                                                                                                                                                                  • String ID: array
                                                                                                                                                                                                                  • API String ID: 4194217158-2701979319
                                                                                                                                                                                                                  • Opcode ID: c76fb320de573e67e942e3c161b5c7a80ebd26e08364407a81ad48a71c08c1cf
                                                                                                                                                                                                                  • Instruction ID: 40c64fe4bd2ad153413426d6bf1414433d4e8ea79fad0d2ec37b22485767c7e8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c76fb320de573e67e942e3c161b5c7a80ebd26e08364407a81ad48a71c08c1cf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4610571E102188BDB1ADF68CC95BEDBB75AF85300F14C26DE406EB78ADB349984CB51
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __aulldiv
                                                                                                                                                                                                                  • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                  • API String ID: 3732870572-1956417402
                                                                                                                                                                                                                  • Opcode ID: 40d10659db9d0e33b4b9b06359633ab465df5857b1a8bfc2e5609c13cba2f374
                                                                                                                                                                                                                  • Instruction ID: 75c2f05da555630fcd14d08f897cd0dc6be0e373951258f0a028507773118153
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40d10659db9d0e33b4b9b06359633ab465df5857b1a8bfc2e5609c13cba2f374
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8051F570A042689BCF278FAD84917FEBFB9AF45308F16405EE691E7A41D2708F468B50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 003AC260
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                  • API String ID: 118556049-2658103896
                                                                                                                                                                                                                  • Opcode ID: 5f150c587a67ff258b310243c0089fca96cc16f29c64da650ab05bc221367cc3
                                                                                                                                                                                                                  • Instruction ID: 33a6bbc589fc68c39dd2955aa1100c3035c4e86e9cc37c8d01c986089ea74a1a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f150c587a67ff258b310243c0089fca96cc16f29c64da650ab05bc221367cc3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7451D4B1D003489FDB11DFA4C841BEEB7B8FF4A304F14862AE845AB741E775A949CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 003BF2D6
                                                                                                                                                                                                                  • swprintf.LIBCMT ref: 003BF34E
                                                                                                                                                                                                                    • Part of subcall function 003B6711: __EH_prolog3.LIBCMT ref: 003B6718
                                                                                                                                                                                                                    • Part of subcall function 003B6711: std::_Lockit::_Lockit.LIBCPMT ref: 003B6722
                                                                                                                                                                                                                    • Part of subcall function 003B6711: int.LIBCPMT ref: 003B6739
                                                                                                                                                                                                                    • Part of subcall function 003B4284: _wmemset.LIBCMT ref: 003B42AE
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog3H_prolog3_LockitLockit::__wmemsetstd::_swprintf
                                                                                                                                                                                                                  • String ID: %.0Lf
                                                                                                                                                                                                                  • API String ID: 2528782737-1402515088
                                                                                                                                                                                                                  • Opcode ID: fcd68f2e388d347add3d6935260d1c91b904a607962fd8480e943e33bf6ba937
                                                                                                                                                                                                                  • Instruction ID: 5ed0155b2fa12600b98d42d7ea07fe752265775ffa5dcac2a2213541de1a7098
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fcd68f2e388d347add3d6935260d1c91b904a607962fd8480e943e33bf6ba937
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26511675D00218AFCF0AEFE4DC45AEDBBB9EB08304F10441AE606AB2A5DB359955CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 003BF5CF
                                                                                                                                                                                                                  • swprintf.LIBCMT ref: 003BF647
                                                                                                                                                                                                                    • Part of subcall function 0038DE20: std::_Lockit::_Lockit.LIBCPMT ref: 0038DE4D
                                                                                                                                                                                                                    • Part of subcall function 0038DE20: std::_Lockit::_Lockit.LIBCPMT ref: 0038DE70
                                                                                                                                                                                                                    • Part of subcall function 0038DE20: std::_Lockit::~_Lockit.LIBCPMT ref: 0038DE90
                                                                                                                                                                                                                    • Part of subcall function 0038DE20: std::_Lockit::~_Lockit.LIBCPMT ref: 0038DF1D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3_swprintf
                                                                                                                                                                                                                  • String ID: %.0Lf
                                                                                                                                                                                                                  • API String ID: 898875175-1402515088
                                                                                                                                                                                                                  • Opcode ID: f797200bc7707e8805c605e257a0d4de0e371b7ed7231defe2bf1d38df120c3d
                                                                                                                                                                                                                  • Instruction ID: edcfdfe6c3878dbf7e173d3edc12fa25aa3dc00ea6032908003475b346a3db2c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f797200bc7707e8805c605e257a0d4de0e371b7ed7231defe2bf1d38df120c3d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03514771D00218AFCF0AEFE4DC45AEDBBB9FF08304F104459E606AB2A5DB359955CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 003C42B0
                                                                                                                                                                                                                  • swprintf.LIBCMT ref: 003C4328
                                                                                                                                                                                                                    • Part of subcall function 003B0B9B: __EH_prolog3.LIBCMT ref: 003B0BA2
                                                                                                                                                                                                                    • Part of subcall function 003B0B9B: std::_Lockit::_Lockit.LIBCPMT ref: 003B0BAC
                                                                                                                                                                                                                    • Part of subcall function 003B0B9B: int.LIBCPMT ref: 003B0BC3
                                                                                                                                                                                                                    • Part of subcall function 003B0B9B: std::_Lockit::~_Lockit.LIBCPMT ref: 003B0C1D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$H_prolog3H_prolog3_Lockit::_Lockit::~_swprintf
                                                                                                                                                                                                                  • String ID: %.0Lf
                                                                                                                                                                                                                  • API String ID: 2994408256-1402515088
                                                                                                                                                                                                                  • Opcode ID: d80e6dde4da159f410378b438c387685ddbf7a0f79b031b5afd1d489db67ae05
                                                                                                                                                                                                                  • Instruction ID: 063f705b6eff3ae59118f5d4ca35afb36d40acebc314ba2274d12edc088744a6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d80e6dde4da159f410378b438c387685ddbf7a0f79b031b5afd1d489db67ae05
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 92514871D00248EBDF0ADFE4D855AEEBBB9FF48300F108419E506AB2A5DB359955CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00363800: GetProcessHeap.KERNEL32 ref: 0036382C
                                                                                                                                                                                                                    • Part of subcall function 00362940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,6CA27FDA,?,?,?,00000000,003E8670,000000FF,?,80004005), ref: 0036297A
                                                                                                                                                                                                                  • WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,WinHTTP 1.0), ref: 0037C38F
                                                                                                                                                                                                                  • WinHttpSetTimeouts.WINHTTP(00000000,00002710,00002710,00002710,00002710), ref: 0037C3B3
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Http$FindHeapOpenProcessResourceTimeouts
                                                                                                                                                                                                                  • String ID: WinHTTP 1.0
                                                                                                                                                                                                                  • API String ID: 3179746780-2851767304
                                                                                                                                                                                                                  • Opcode ID: c5116f6ef7f4cfcde6dc1ea65711ef5298e318ef41d0264db76b29605f05e7a5
                                                                                                                                                                                                                  • Instruction ID: 42f5e9473ae0ea33aec4c3fcc21fafcfe8cd3c909e8c87234ae8186429039992
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5116f6ef7f4cfcde6dc1ea65711ef5298e318ef41d0264db76b29605f05e7a5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A41E270540304AFE712DF68DC99B997BA4EB11304F00C66EFA04AF2D2DBF99584CB98
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EncodePointer.KERNEL32(00000000,?), ref: 003C94B2
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: EncodePointer
                                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                                  • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 003C4184
                                                                                                                                                                                                                    • Part of subcall function 003B0B9B: __EH_prolog3.LIBCMT ref: 003B0BA2
                                                                                                                                                                                                                    • Part of subcall function 003B0B9B: std::_Lockit::_Lockit.LIBCPMT ref: 003B0BAC
                                                                                                                                                                                                                    • Part of subcall function 003B0B9B: int.LIBCPMT ref: 003B0BC3
                                                                                                                                                                                                                    • Part of subcall function 003B0B9B: std::_Lockit::~_Lockit.LIBCPMT ref: 003B0C1D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$H_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                  • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                  • API String ID: 2728201062-2494171821
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 003BF1A8
                                                                                                                                                                                                                    • Part of subcall function 003B6711: __EH_prolog3.LIBCMT ref: 003B6718
                                                                                                                                                                                                                    • Part of subcall function 003B6711: std::_Lockit::_Lockit.LIBCPMT ref: 003B6722
                                                                                                                                                                                                                    • Part of subcall function 003B6711: int.LIBCPMT ref: 003B6739
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog3H_prolog3_LockitLockit::_std::_
                                                                                                                                                                                                                  • String ID: %.0Lf$0123456789-
                                                                                                                                                                                                                  • API String ID: 79917597-3094241602
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 003BF4A1
                                                                                                                                                                                                                    • Part of subcall function 0038DE20: std::_Lockit::_Lockit.LIBCPMT ref: 0038DE4D
                                                                                                                                                                                                                    • Part of subcall function 0038DE20: std::_Lockit::_Lockit.LIBCPMT ref: 0038DE70
                                                                                                                                                                                                                    • Part of subcall function 0038DE20: std::_Lockit::~_Lockit.LIBCPMT ref: 0038DE90
                                                                                                                                                                                                                    • Part of subcall function 0038DE20: std::_Lockit::~_Lockit.LIBCPMT ref: 0038DF1D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3_
                                                                                                                                                                                                                  • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                  • API String ID: 2088892359-2494171821
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog3___cftoe
                                                                                                                                                                                                                  • String ID: !%x
                                                                                                                                                                                                                  • API String ID: 855520168-1893981228
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 003836DB
                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0038372A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                  • API String ID: 3988782225-1405518554
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 003AEC22
                                                                                                                                                                                                                  • RaiseException.KERNEL32(?,?,?,?), ref: 003AEC47
                                                                                                                                                                                                                    • Part of subcall function 003C738A: RaiseException.KERNEL32(E06D7363,00000001,00000003,?), ref: 003C73EA
                                                                                                                                                                                                                    • Part of subcall function 003D2C5F: IsProcessorFeaturePresent.KERNEL32(00000017,003CA182,?,003CA0F1,00000004,?,003CA300,?,?,?,?,?,00000000,?,?), ref: 003D2C37
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                  • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: H_prolog3_
                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                  • API String ID: 2427045233-2658103896
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 003AC7A0: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,003AD95B,75A8E8E0,80004005), ref: 003AC7A5
                                                                                                                                                                                                                    • Part of subcall function 003AC7A0: GetLastError.KERNEL32 ref: 003AC7AF
                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(75A8E8E0,80004005), ref: 003AD95F
                                                                                                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule), ref: 003AD96E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 003AD969
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000011.00000002.2383927446.0000000000361000.00000020.00000001.01000000.00000017.sdmp, Offset: 00360000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2383900210.0000000000360000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384017957.00000000003F0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384081195.000000000040B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384121498.000000000040C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384210991.000000000040F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  • Associated: 00000011.00000002.2384260746.0000000000411000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_17_2_360000_fast!.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                  • API String ID: 3511171328-631824599
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%